greatwhite Posted September 9, 2009 Report Share Posted September 9, 2009 I can't find anything related to it the particular issue when I searched. I did however find this relating to the peer.Is this normal behaviour for uTorrent?This appeared in my logs:365 217.118.93.101 my.int.lan.ip UDP Source port: 40435 Destination port: my.utorrent.port505 my.int.lan.ip 217.118.93.101 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>509 my.int.lan.ip 217.118.93.101 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>511 my.int.lan.ip 217.118.93.101 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> Link to comment Share on other sites More sharing options...
GTHK Posted September 9, 2009 Report Share Posted September 9, 2009 What's the log formatting, source and then target address? Link to comment Share on other sites More sharing options...
greatwhite Posted September 9, 2009 Author Report Share Posted September 9, 2009 Yes. The first packet is from 217.118.93.101, connecting to my open uTorrent port. Then a few moments later the Netbios packets outward from my computer to 217.118.93.101. These type of packets are prohibited from leaving my network but I'm just curious as to why this happened. I only came across it by accident.I was monitoring the connection for quite a while prior to this happening (the occasional interruption as I paused and restarted the capture) and for quite a while afterwards. These are the only packets with that src/dest.I just find it quite odd. Link to comment Share on other sites More sharing options...
GTHK Posted September 9, 2009 Report Share Posted September 9, 2009 Google might provide useful information >-> Link to comment Share on other sites More sharing options...
greatwhite Posted September 10, 2009 Author Report Share Posted September 10, 2009 Seems like it might be a fallback for name resolution if DNS fails. Yet to confirm though.Edit: this is actually a standard Windows behavious, d'oh. Link to comment Share on other sites More sharing options...
anon256 Posted March 22, 2012 Report Share Posted March 22, 2012 I know this is a rather old post but I've also been observing this behavior with this additional info: In my case, I noticed that whenever I started uTorrent it would send a netbios:137 out to one specific external ip (176.24.221.144). This ip was a peer on a stalled download and curiously had no country flag against its address (more on that later). Obviously(?) I was blocking outbound ports 135-139 at my firewall. But what concerned me was that I was also being TCP scanned by that same external ip over a large range and over an extended period until I paused the torrent or eventually removed the torrent. (I had also tried the ipfilter but it had no effect.))After I removed the torrent, I noticed another netbois:137 transmission going out but this time to another external ip (101.109.12.114). Again, this ip was a peer on another stalled torrent. And again, it had no country flag against its address. Curious. Although, I was not being TCP scanned by this ip, I removed the stalled torrent just to be safe. I should point out that these were the only netbios transmissions logged on the firewall. Additional Info:For the curious, the torrent for the first described event can be found at: http://thepiratebay.se/torrent/6982249/Melways_for_OziExplorer_(2011)I don't know how long 176.24.221.144 might lurk on it but for me it stalled at around 64% (or was that 68%). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.