jpgreen3 Posted March 4, 2010 Report Share Posted March 4, 2010 This morning I checked uTorrent activity and found that uTorrent reported that nothing was seeding, an unusual status. (No downloads were active either) I checked my "Seeds" group, and uTorrent reported that it was connected to no peers for any torrent in Seeding status. I use Peerblock, which was logging lots of activity to and from the uTorrent port, which I have opened in my Symantec hosts firewall, and port forwarded to this computer in my Linksys internet connection router / firewall. The activity logged by Peerblock ceased when I closed uTorrent. As a test, I restarted uTorrent and stopped all torrents, verifying that the All Torrents showed statuses of either Finished or Stopped. All RSS feeds were also disabled. I again restarted uTorrent with all torrents and RSS feeds inactive, and Peerblock immediately showed a renewal of activity to and from the uTorrent port - between 5-10 log entries per second. I'm running v2 Build 18296. Any idea what could be happening? Clearly, I don't want to run uTorrent if it has been hijacked by some botnet. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted March 4, 2010 Report Share Posted March 4, 2010 What type of traffic is it logging? Link to comment Share on other sites More sharing options...
jpgreen3 Posted March 4, 2010 Author Report Share Posted March 4, 2010 I've checked FAQs and the Forum, and didn't see anything that looked relevant. I ran a two-minute timed test of uTorrent, and have the PeerBlock log segment available for review. It resulted in a 42kB file consisting mainly of UDP activity with the source IP:Port indicating my host IP address and what I've configured as the uTorrent incoming connection port (55448). A distinct minority of the records show the same IP:Port as the destination. This activity in the log started and stopped with uTorrent. I have screen shots showing that there were no active torrents or RSS feeds within this interval, and can similarly document the incoming connection port configuration screen. Is it safe to assume that uTorrent will initiate no network activity on behalf of torrents in Stopped, Finished or Error status? I'll be happy to provide other documentation that might be useful. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted March 4, 2010 Report Share Posted March 4, 2010 Do you have DHT enabled?And why are you trusting peerblock to protect you from ANYTHING? Link to comment Share on other sites More sharing options...
jpgreen3 Posted March 4, 2010 Author Report Share Posted March 4, 2010 I do have DHT enabled. As for PeerBlock . . . Link to comment Share on other sites More sharing options...
DreadWingKnight Posted March 4, 2010 Report Share Posted March 4, 2010 DHT being enabled is enough to cause the UDP traffic you're seeing. Link to comment Share on other sites More sharing options...
Switeck Posted March 4, 2010 Report Share Posted March 4, 2010 DHT working as designed... Link to comment Share on other sites More sharing options...
jpgreen3 Posted March 5, 2010 Author Report Share Posted March 5, 2010 Thanks for the clarification. I ran a test with all of the Basic BitTorrent Features on the BitTorrent tab unchecked, and (after altering the uTorrent port) all the extraneous traffic went away. To my way of thinking, when uTorrent is hosting no active torrents, there should be no network traffic except for polling for RSS and software updates. I've not been able to find a clear description of how Peer Exchange and DHT work and what information they share which would enable me to understand why there is traffic in the presence of no active torrents. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted March 5, 2010 Report Share Posted March 5, 2010 DHT doesn't restrict its "tracking" to torrents you have running on your systemIn fact, you may have never run a torrent at all and you'd still end up with DHT traffic for torrents.It's a function of that protocol. Link to comment Share on other sites More sharing options...
Switeck Posted March 5, 2010 Report Share Posted March 5, 2010 Peer Exchange trades lists of peer/seed ips with the peers/seeds you're connected to on a public torrent. Link to comment Share on other sites More sharing options...
Firon Posted March 5, 2010 Report Share Posted March 5, 2010 DHT is a separate overlay network that is always active. It's just how it works. Skype's the same, it is always active even when you aren't using it.http://en.wikipedia.org/wiki/Distributed_hash_table Link to comment Share on other sites More sharing options...
jpgreen3 Posted March 5, 2010 Author Report Share Posted March 5, 2010 This information has been helpful. I see how the concept of an "overlay network" and the related peer-to-peer traffic is necessary in support of a "distributed tracker" function that supports the whole BitTorrent community. Thanks for your support. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.