plim121 Posted August 30, 2010 Report Share Posted August 30, 2010 First I want to say hello to all of uTorrent users.I recently noticed that my uTorrent client ( version 2.0.4 build 21586) is trying to connect with BItTorrent Inc servers ( ip numbers 208.72.192.166 and 208.72.192.156). I'm talking about hundreds TCP and UDP outgoing connections a day- to be specific they are all blocked by my software.I've got disabled DHT, automatic updates and sending detailed info when checking for updates.Could someone explain why is uTorrent client trying so hard to connect with BItTorrent Inc servers?Thank You all for your attention. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted August 30, 2010 Report Share Posted August 30, 2010 Blocked by overparanoid and horridly broken peerblock blocklists you mean?Do you have torrents active that have those IPs in their peerlists? Link to comment Share on other sites More sharing options...
plim121 Posted August 30, 2010 Author Report Share Posted August 30, 2010 Blocked by overparanoid and horridly broken peerblock blocklists you mean?Do you have torrents active that have those IPs in their peerlists?Torrents active: yes.Those IPs aren't present in the peers list. Link to comment Share on other sites More sharing options...
Switeck Posted August 30, 2010 Report Share Posted August 30, 2010 Do any of your trackers map to those ips?That might explain seeing only 100's of ips blocked instead of 1000's. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted August 30, 2010 Report Share Posted August 30, 2010 Those IPs aren't present in the peers list.How are you determining this? Link to comment Share on other sites More sharing options...
plim121 Posted August 30, 2010 Author Report Share Posted August 30, 2010 Do any of your trackers map to those ips?That might explain seeing only 100's of ips blocked instead of 1000's.Tracker I use is private, small number of peers less then 100 IPs connected to a single torrent.This connections occur during different single torrents loaded.Sorry but I don't understand this: Do any of your trackers map to those ips? Could You explain it a little more. Thank You.Those IPs aren't present in the peers list.How are you determining this?I disabled "overparanoid and horridly broken peerblock blocklists" and waited 30min then checked if those IPs will surface. I didn't noticed them. I don't know any software to check the swarm ( bitaudit comes to mind but it is in closed beta stage). Link to comment Share on other sites More sharing options...
Switeck Posted August 30, 2010 Report Share Posted August 30, 2010 A tracker's URL gets converted into an ip the same as a regular web address.You're using right-click in Peers window to gather the peers list? Link to comment Share on other sites More sharing options...
DreadWingKnight Posted August 30, 2010 Report Share Posted August 30, 2010 So highlighting the torrents and copying the peer list from the peers tab is something you didn't know about?Also, why aren't you packetsniffing using wireshark to see what the communication actually is? Link to comment Share on other sites More sharing options...
plim121 Posted August 30, 2010 Author Report Share Posted August 30, 2010 A tracker's URL gets converted into an ip the same as a regular web address.You're using right-click in Peers window to gather the peers list?Tracker ip is different than those two ips I wrote about in the first post ( whois information is very clear).And yes my only information that those 2 ip addresses aren't connected to this tracker- torrent is thanks to uTorrent peer tab/window.So highlighting the torrents and copying the peer list from the peers tab is something you didn't know about?Also, why aren't you packetsniffing using wireshark to see what the communication actually is?To clarify: And yes my only information that those 2 ip addresses aren't connected to this tracker- torrent is thanks to uTorrent peer tab/window.Sorry If I wasn't to clear about it.I'll now use wireshark. Thank You. Link to comment Share on other sites More sharing options...
plim121 Posted August 30, 2010 Author Report Share Posted August 30, 2010 So highlighting the torrents and copying the peer list from the peers tab is something you didn't know about?Also, why aren't you packetsniffing using wireshark to see what the communication actually is?So I found some spare time and used wireshark. The results are weird to me. Te communication with Bittorrent Inc ip 208.72.192.166 has noting to do with torrent download/upload.I don't possess enough knowledge to say what is it all about. I hope that uTorrent devs can.Circumstances are: uTorrent is running, torrent is active ( downloading), private tracker.Communication between my computer and ip 208.72.192.166 ( Bittorrent Inc) starts:- UDP, my computer>Bittorrent Inc, port xxx ( port used by my uTorrent) to port 63759- TCP, my computer>Bittorrent Inc, port 4306 to port 63759- TCP, Bittorrent Inc>my computer, port 63759 to port 4306- ICMP, Bittorrent Inc>my computer, blocked by firewall- TCP, my computer>Bittorrent Inc, port 4306 to port 63759- TCP, Bittorrent Inc>my computer, port 63759 to port 4306- TCP, my computer>Bittorrent Inc, port 4306 to port 63759- TCP, Bittorrent Inc>my computer, port 63759 to port 4306then another communication occurs:- UDP, my computer>Bittorrent Inc, port xxx ( port used by my uTorrent) to port 63759- TCP, my computer>Bittorrent Inc, port 4325 to port 63759- ICMP, Bittorrent Inc>my computer, blocked by firewall- TCP, Bittorrent Inc>my computer, port 63759 to port 4325- TCP, my computer>Bittorrent Inc, port 4325 to port 63759- TCP, Bittorrent Inc>my computer, port 63759 to port 4325- TCP, my computer>Bittorrent Inc, port 4325 to port 63759- TCP, Bittorrent Inc>my computer, port 63759 to port 4325last one:- UDP, my computer>Bittorrent Inc, port xxx ( port used by my uTorrent) to port 63759- TCP, my computer>Bittorrent Inc, port 4367 to port 63759- ICMP, Bittorrent Inc>my computer, blocked by firewall- TCP, my computer>Bittorrent Inc, port 4367 to port 63759- TCP, Bittorrent Inc>my computer, port 63759 to port 4367- TCP, my computer>Bittorrent Inc, port 4367 to port 63759- TCP, Bittorrent Inc>my computer, port 63759 to port 4367Used ports ( iana):4306 tcp Hellgate London pinghgl4325 tcp Cadcorp GeognoSIS Manager Service geognosisman4367 tcp UnassignedSo any ideas why my uTorrent likes to speak with Bittorrent Inc? Link to comment Share on other sites More sharing options...
DreadWingKnight Posted August 30, 2010 Report Share Posted August 30, 2010 do you have bandwidth management (uTP) enabled?What do the packets contain? Link to comment Share on other sites More sharing options...
plim121 Posted August 30, 2010 Author Report Share Posted August 30, 2010 do you have bandwidth management (uTP) enabled?What do the packets contain?Yes I've got uTP enabled.Data part contain something like this. In my opinion nothing usable to solving this "problem".0000 41 02 50 23 31 89 24 27 00 00 00 00 00 38 00 00 A.P#1.$'.....8..0010 00 01 00 00 00 08 00 00 00 00 00 00 00 00 ............... Link to comment Share on other sites More sharing options...
paintball9 Posted August 30, 2010 Report Share Posted August 30, 2010 I'd like to add that I also have this traffic appear despite only being on a private tracker. I've let it through, but it appears to connect 5-6 times in the first couple seconds of uTorrent being turned on. Only recent versions appear to do this. (I'm using 2.2) Link to comment Share on other sites More sharing options...
moogly Posted August 30, 2010 Report Share Posted August 30, 2010 Are you sure it's not relative to the survey promo in few versions of µT? Link to comment Share on other sites More sharing options...
Firon Posted August 30, 2010 Report Share Posted August 30, 2010 208.72.192.166 is one of the nameservers for utorrent/bittorrent.com Link to comment Share on other sites More sharing options...
paintball9 Posted August 30, 2010 Report Share Posted August 30, 2010 Any reason (besides checking for updates) that it would attempt to connect?I don't think peerblock had that domain on their list last week as I've never seen it come up as blocked before. Ill look for a way to report it as safe. Link to comment Share on other sites More sharing options...
pippincp Posted August 31, 2010 Report Share Posted August 31, 2010 Just use your fireewall to block it.-no reason for it except updates. Could also be a reason for some private trackers banning recent versions.ILT won't allow any version above 1.6.1 Link to comment Share on other sites More sharing options...
DreadWingKnight Posted August 31, 2010 Report Share Posted August 31, 2010 Well, after the last security hole found and fixed, they had better change.ALL old builds are unsafe. Link to comment Share on other sites More sharing options...
plim121 Posted August 31, 2010 Author Report Share Posted August 31, 2010 So can I ask again why my uTorrent client try ( or as I've showed connects) with ip belonging to Bittorrent Inc?I have written in my first post that I've disabled DHT, automatic updates and sending detailed info when checking for updates.I think uTorrent developers should know what purpose is for this connection. The Bittorrent Inc ip actively responded. It is not one way communication.Thank You very much. Link to comment Share on other sites More sharing options...
paintball9 Posted August 31, 2010 Report Share Posted August 31, 2010 Record the communication with wireshark. See what's in it. Link to comment Share on other sites More sharing options...
plim121 Posted August 31, 2010 Author Report Share Posted August 31, 2010 Record the communication with wireshark. See what's in it.Please read entire topic before posting another time. Thank You. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted August 31, 2010 Report Share Posted August 31, 2010 Provide the packet capture then. Link to comment Share on other sites More sharing options...
plim121 Posted August 31, 2010 Author Report Share Posted August 31, 2010 Provide the packet capture then.I can do this. But I can provide whole wireshark log to uTorrent developers. I'll not post it in open forum. This logs can contain sensitive data.As of this moment I think that I provided enough information to support and describe the topic.I will tell this once again. uTorrent isn't communicating with some unknown ip- it's Bittorrent Inc.The Bittorrent Inc ip actively responded. It is not one way communication.This forum is uTorrent official forum. So I would think that uTorrent developers use it. If developed program ( uTorrent) do something I would think that action is design and implemented by those developers. I'd like to know why this communication occurs. Link to comment Share on other sites More sharing options...
Archatos Posted August 31, 2010 Report Share Posted August 31, 2010 While i highly doubt this is anything to worry about, I do understand the reaction from plim121 here.Asking a question like "What kind of communication goes from my client to it's developers when I've shut off the options I can see for such communication?" shouldn't require a lot of "troubleshooting" and wireshark logs.Surely the µTorrent developers should easily be able to answer what kind of communication between the µTorrent client and the BitTorrent Inc servers they have coded in? Link to comment Share on other sites More sharing options...
Firon Posted August 31, 2010 Report Share Posted August 31, 2010 I'm pretty sure this is just DNS traffic. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.