Archatos Posted August 31, 2010 Report Share Posted August 31, 2010 Didn't run the sniffer for any extended period, but after removing the bittorrent.com search engine entry, i didn't notice anything specific at least. So guessing the µTorrent client is contacting the search engine?Would of course be nice to see some confirmation from the devs on what traffic we should expect from the client to BitTorrent Inc though Link to comment Share on other sites More sharing options...
paintball9 Posted August 31, 2010 Report Share Posted August 31, 2010 Record the communication with wireshark. See what's in it.Please read entire topic before posting another time. Thank You.Seriously? I've already posted about 4 above that one, Obviously I'm already familiar with the topic. You asked what was the purpose of the traffic and I pointed you to a way to find out. No need to snap at me. Especially when you're the one wanting help on a topic that's at best trivial. Link to comment Share on other sites More sharing options...
Firon Posted September 1, 2010 Report Share Posted September 1, 2010 Didn't run the sniffer for any extended period, but after removing the bittorrent.com search engine entry, i didn't notice anything specific at least. So guessing the µTorrent client is contacting the search engine?Would of course be nice to see some confirmation from the devs on what traffic we should expect from the client to BitTorrent Inc though Uh, you'll see DNS traffic (some of it goes to utorrent.com too), and I guess we try to download the favicon for whatever search site is listed, at least in 2.2.The rest is autoupdates and crash reports, but that goes to utorrent.com instead. Link to comment Share on other sites More sharing options...
plim121 Posted September 1, 2010 Author Report Share Posted September 1, 2010 While i highly doubt this is anything to worry about, I do understand the reaction from plim121 here.Asking a question like "What kind of communication goes from my client to it's developers when I've shut off the options I can see for such communication?" shouldn't require a lot of "troubleshooting" and wireshark logs.Surely the µTorrent developers should easily be able to answer what kind of communication between the µTorrent client and the BitTorrent Inc servers they have coded in?Exactly my toughs. I noticed first traffic on 23th of August. Week later I'm still using uTorrent. I don't think that answering what communication and why it occurs should by that hard... I did all You guys/gals asked me.I'm pretty sure this is just DNS traffic.My protocol knowledge isn't big by I can spot DNS traffic and this is definitely not.Didn't run the sniffer for any extended period, but after removing the bittorrent.com search engine entry, i didn't notice anything specific at least. So guessing the µTorrent client is contacting the search engine?Would of course be nice to see some confirmation from the devs on what traffic we should expect from the client to BitTorrent Inc thoughI've got all search engines disabled.Seriously? I've already posted about 4 above that one, Obviously I'm already familiar with the topic. You asked what was the purpose of the traffic and I pointed you to a way to find out. No need to snap at me. Especially when you're the one wanting help on a topic that's at best trivial.Recording with wireshark all uTorrent communication was first suggested by @DreadWingKnight. I did it. And more. I've already posted two replies with results before You suggested it. So sorry but my comment stands.Uh, you'll see DNS traffic (some of it goes to utorrent.com too), and I guess we try to download the favicon for whatever search site is listed, at least in 2.2.The rest is autoupdates and crash reports, but that goes to utorrent.com instead.I'll tell it again if I need to. I've disabled DHT, automatic updates and sending detailed info when checking for updates. + to clarify I've got all search engines disabled too. It's not DNS traffic. uTorrent didn't crash.And as @Archatos said: Would of course be nice to see some confirmation from the devs on what traffic we should expect from the client to BitTorrent Inc though. Link to comment Share on other sites More sharing options...
Archatos Posted September 1, 2010 Report Share Posted September 1, 2010 Like I said, I didn't run the sniffer for too long, but with all the features I could find that would send any traffic to BitTorrent Inc disabled I didn't notice any traffic at all going there. I'll set up a filter to only include the IP addresses you provided and leave it running for a few hours to see if there is anything. Link to comment Share on other sites More sharing options...
oao Posted September 3, 2010 Report Share Posted September 3, 2010 But can you explain why this has started only with 2.0.4? Why it has not happened with earlier versions? Link to comment Share on other sites More sharing options...
paintball9 Posted September 3, 2010 Report Share Posted September 3, 2010 I don't think it's 2.04 alone but rather a change in peerblock's blocklists that brought it to your attention. I believe it as an update 2 weeks ago that started it. Link to comment Share on other sites More sharing options...
oao Posted September 3, 2010 Report Share Posted September 3, 2010 OK,But given what the others are saying here, the question remains as to the nature of all those connections and why PeerBlock started blocking it now. It is a reasonable request and I would suggest advisable to reassure uTorrent users with accurate details about them. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted September 3, 2010 Report Share Posted September 3, 2010 I still wonder why people are of the delusion that peerblock actually protects them from anything. Link to comment Share on other sites More sharing options...
oao Posted September 3, 2010 Report Share Posted September 3, 2010 I've actually seen monitoring research that concluded that without blocking there is a 100% to be monitored and hit by somebody and that blocking significantly reduces it. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted September 3, 2010 Report Share Posted September 3, 2010 http://torrentfreak.com/how-any-bittorrent-user-can-collect-lawsuit-evidence-100903/Honestly, it's not worth the wasted resources. Link to comment Share on other sites More sharing options...
plim121 Posted September 4, 2010 Author Report Share Posted September 4, 2010 @DreadWingKnight I agree with You that using blocking software with your list of choice is no more then improving your mood and giving some false safety but is not the main topic.I tested uTorrent in different setups and with different options, during download and upload. There are still outgoing connections to Bittorrent Inc server. The data is transfered to Bittorrent Inc server. The Bittorrent Inc server actively responds.No one wants to answer why???? There are no devs on this forum? Link to comment Share on other sites More sharing options...
oao Posted September 4, 2010 Report Share Posted September 4, 2010 It's starting to look as if they don't want to answer, which is why I urged them to.At to blocking: the article referred to says that the info collected is evidence of activity, but not evidence for infringement.As far as I understand, the latter requires getting into your system and that's what blocking prevents.If I am wrong, please correct me.It looks like the risk is greater that the lists can't keep up with the monitors. Link to comment Share on other sites More sharing options...
rafi Posted September 7, 2010 Report Share Posted September 7, 2010 Here is a cap with a few transactions "home". Can you read this a tell us what's inside ? (both updates/reports disabled, 1 torrent DLing, 2 seeding, filtered IPs:208.72.192.166/156 , 67.215.233.130 ) Thanks!http://www.mediafire.com/?06ouiv90yark55oAlternate location:http://hostfil.es/file/15787/reporting-home-cap.html http://hostfil.es/file/15788/reporting-home1-cap.htm Link to comment Share on other sites More sharing options...
paintball9 Posted September 7, 2010 Report Share Posted September 7, 2010 Just looked through your Capture, rafi.Here's what happensA few pings first to ensure connectivity (possibly a port check for the status light)Then a check for update requestA server OK response (200) Acknowledging the sending of gzip data(probably asking what version you are running)Then a response from you sending out that you're running 20586A resend, (apparently it failed first)An acknowledgment of receipt and sending of current version stats indicating an update is not required.A second update check 5 minutes laterA whole bunch of uPnP packets, (basically all blocked, probably by your router/firewall) Only packets leaving on 32457 arrive (your configured port)A search on torrentz.com at packet 150and then opening a page on this forum shortly after.Only puzzling thing is why the uPnP packets are trying different ports than the configured. Link to comment Share on other sites More sharing options...
oao Posted September 7, 2010 Report Share Posted September 7, 2010 2 questions:1. With autoupdates off why the version check?2. Why in my case it repeats so often? Link to comment Share on other sites More sharing options...
rafi Posted September 7, 2010 Report Share Posted September 7, 2010 I wonder - why is a search reported "home" . I guess I have to block the BT IP in my firewall .Here is the next ~300 packets, from the last two hours... http://www.mediafire.com/?csdtygc4fvw11rvalternate location:http://hostfil.es/file/15788/reporting-home1-cap.html Link to comment Share on other sites More sharing options...
paintball9 Posted September 7, 2010 Report Share Posted September 7, 2010 The search uses a frame that is hosted on this site for the headers. (notice the uTorrent search as the name of the page, Only the actual search is on torrentz.com) if you block it then your searches probably won't work. And if you're blocking http traffic to that site then you could very well be blocking this forum as well. Seeing as one of the packets referred to forums.utorrent.com in it's request.Went through your second post rafi.There's no new update checks in this one. Still tons of uPnP packets though. Do you have uPnP and NAT on? Seeing as your connection is port-forwarded anyways you don't need them/should turn them off.Edit - NM that Frame thing. I guess they removed it now. An older version was having issues with page sizes before, Guess that was the fix they went with. Link to comment Share on other sites More sharing options...
schnurlos Posted September 7, 2010 Report Share Posted September 7, 2010 Just my 2 cents:Does anybody of you have irc.utorrent.com running while you do this? Link to comment Share on other sites More sharing options...
oao Posted September 7, 2010 Report Share Posted September 7, 2010 Not me. Link to comment Share on other sites More sharing options...
Ultima Posted September 7, 2010 Report Share Posted September 7, 2010 Edit - NM that Frame thing. I guess they removed it now.Are you referring to gui.bypass_search_redirect? Link to comment Share on other sites More sharing options...
rafi Posted September 7, 2010 Report Share Posted September 7, 2010 . Still tons of uPnP packets though. Do you have uPnP and NAT on? .nohttp://a.imageshack.us/img3/2972/61573983.pngPS: and yes, I'm on the IRC channel. But I thought that the uT port# point to uT alone... Link to comment Share on other sites More sharing options...
paintball9 Posted September 7, 2010 Report Share Posted September 7, 2010 Edit - NM that Frame thing. I guess they removed it now.Are you referring to gui.bypass_search_redirect?I'm assuming' date=' There was an issue a couple weeks ago where people were getting the searches in a 1x1 inch frame. It was caused by broken html code in the redirect page. If you guys changed the default in advanced then it wouldn't do that anymore.. Still tons of uPnP packets though. Do you have uPnP and NAT on? .nohttp://a.imageshack.us/img3/2972/61573983.pngPS: and yes' date=' I'm on the IRC channel. But I thought that the uT port# point to uT alone...[/quote']Only some of the outgoing requests are from your utorrent port. (the ones that get through)I guess it could be IRC, but why the random ports all over the place, it should still be sticking to one specific port should it not?The reason I'm leaning towards those packets being uPnP. is that the only intelligible data in them (it moves around a bit each packet) is the letters P N P, Spaced differently or replaced in some cases, but always right near the end of the data. Link to comment Share on other sites More sharing options...
rafi Posted September 7, 2010 Report Share Posted September 7, 2010 uPnP in uT is for port forwarding and destined to the gateway (router), not likely for BT inc server IP. Link to comment Share on other sites More sharing options...
Aaron.Walkhouse Posted September 10, 2010 Report Share Posted September 10, 2010 I have confirmed that three peers are running in the 208.72.192.0/21 range allocated to BitTorrent, Inc.The addresses seen by me are 208.72.192.2, 208.72.192.156 and 208.72.192.166 and they appear inthe peers list of many of my legally shared seeding swarms.[em]As this activity apparently conflicts with the stated intentions of the Privacy Policy as posted on this website…[/em][em] - a detailed technical explanation of the activity, - of Company intentions behind the activity, - and how BitTorrent, Inc. will ensure the activity conforms to the policy [/em][em]…is now necessary in order to maintain public trust in the company and the µTorrent software.[/em]I call upon members of the executive staff or owners to reply in detail to the listed points. A full week to consult technical staff and counsel in order to compose a suitable reply should be sufficient. Failure to respond within seven days and within this thread in view of the public by identified executive staff or listed ownership of BitTorrent, Inc., deletion of this post or thread, closure of this thread, any attempt in public or in private to suppress and avoid this public challenge or actions and omissions to break communication with me in any way will be construed and subsequently publicized as implicit admission that a breach of the Privacy Policy as posted has occurred without intentions to rectify the actions or clarify their purpose. Communications in private by email is not expressly forbidden but the issue is that of public trust; therefore public response is both warranted and necessary under the circumstances. Put simply, [em]I am giving you no choice but to explain it here[/em].I sincerely hope for a reasonable explanation and we all eagerly await a detailed response.All forums staff should refrain from comment, forward this message to the company directly to be handled as they see fit, and then wait for direction from the company. This is a matter for company leaders or directors to address and so is addressed to them directly in this public forum as this is the most appropriate place for matters of public trust and company policy concerning the privacy of forum members and users of µTorrent."Bittorrent Inc. Privacy Challenge,txt" (filed Thursday, Sept 9, 2010 for conditional release Thursday, Sept 16, 2010) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.