Is this normal behaviour?


I couldn't find anything related to the particular issue when I searched. I did, however, find this relating to the peer.

Is this normal behaviour for uTorrent?

This appeared in my logs:

365 my.int.lan.ip UDP Source port: 40435 Destination port: my.utorrent.port

505 my.int.lan.ip NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

509 my.int.lan.ip NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

511 my.int.lan.ip NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

Yes. The first packet is from, connecting to my open uTorrent port. Then a few moments later the NetBIOS packets outward from my computer to These types of packets are prohibited from leaving my network but I'm just curious as to why this happened. I only came across it by accident.

I was monitoring the connection for quite a while prior to this happening (the occasional interruption as I paused and restarted the capture) and for quite a while afterwards. These are the only packets with that src/dest.

I just find it quite odd.

  • 2 years later...

I know this is a rather old post but I've also been observing this behavior with this additional info:

In my case, I noticed that whenever I started uTorrent it would send a netbios:137 out to one specific external ip ( This ip was a peer on a stalled download and curiously had no country flag against its address (more on that later). Obviously(?) I was blocking outbound ports 135-139 at my firewall. But what concerned me was that I was also being TCP scanned by that same external ip over a large range and over an extended period until I paused the torrent or eventually removed the torrent. (I had also tried the ipfilter but it had no effect.))

After I removed the torrent, I noticed another netbios:137 transmission going out but this time to another external ip ( Again, this ip was a peer on another stalled torrent. And again, it had no country flag against its address. Curious. Although I was not being TCP scanned by this ip, I removed the stalled torrent just to be safe.

I should point out that these were the only netbios transmissions logged on the firewall.

Additional Info:

For the curious, the torrent for the first described event can be found at:


I don't know how long might lurk on it but for me it stalled at around 64% (or was that 68%).
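Added example, not part of either post: one way to pull the pattern both posters describe out of a capture summary, namely NBSTAT name queries sent to addresses outside the LAN, and whether the same address had contacted the client's listening port earlier. The "no src dst proto info" line layout, the addresses (documentation ranges) and port 45000 are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample; addresses are documentation ranges and 45000 is a
# placeholder for the torrent client's listening port.
SAMPLE = """\
365 198.51.100.7 192.168.1.20 UDP Source port: 40435 Destination port: 45000
505 192.168.1.20 198.51.100.7 NBNS Name query NBSTAT *<00><00><00>
509 192.168.1.20 198.51.100.7 NBNS Name query NBSTAT *<00><00><00>
520 192.168.1.20 192.168.1.255 NBNS Name query NB WORKGROUP<1d>
700 192.168.1.20 203.0.113.9 NBNS Name query NBSTAT *<00><00><00>
"""

# RFC 1918 and link-local ranges count as "inside"; everything else is external.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
# Lines whose src/dst are not dotted IPv4 (e.g. redacted names) are skipped.
LINE = re.compile(r"^(\d+)\s+([\d.]+)\s+([\d.]+)\s+(\S+)\s+(.*)$")
DPORT = re.compile(r"Destination port: (\d+)")


def is_lan(addr):
    return any(ipaddress.ip_address(addr) in net for net in LAN)


def external_nbstat(text, client_port):
    """Return one finding per external host that was sent NBSTAT queries."""
    inbound = {}   # external IP -> packet number of first hit on client_port
    findings = {}  # external IP -> finding dict, in order of first appearance
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        no, src, dst, proto, info = m.groups()
        hit = DPORT.search(info)
        if proto == "UDP" and hit and int(hit.group(1)) == client_port:
            if not is_lan(src):
                inbound.setdefault(src, int(no))
        elif proto == "NBNS" and "NBSTAT" in info and not is_lan(dst):
            f = findings.setdefault(
                dst, {"dst": dst, "packets": [], "after_inbound": None})
            f["packets"].append(int(no))
            if dst in inbound and inbound[dst] < int(no):
                f["after_inbound"] = inbound[dst]
    return list(findings.values())


if __name__ == "__main__":
    for finding in external_nbstat(SAMPLE, 45000):
        print(finding)
```

A finding with `after_inbound` set means the queried host had reached the client port first; `None` means the query had no matching inbound packet in the capture.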

