
uTorrent: hundreds outgoing connections to BitTorrent Inc


plim121


Didn't run the sniffer for any extended period, but after removing the bittorrent.com search engine entry, I didn't notice anything specific at least. So guessing the µTorrent client is contacting the search engine?

Would of course be nice to see some confirmation from the devs on what traffic we should expect from the client to BitTorrent Inc though :)

Record the communication with wireshark. See what's in it.

Please read entire topic before posting another time. Thank You.

Seriously? I've already posted about 4 above that one. Obviously I'm already familiar with the topic. You asked what was the purpose of the traffic and I pointed you to a way to find out. No need to snap at me, especially when you're the one wanting help on a topic that's at best trivial.


Didn't run the sniffer for any extended period, but after removing the bittorrent.com search engine entry, I didn't notice anything specific at least. So guessing the µTorrent client is contacting the search engine?

Would of course be nice to see some confirmation from the devs on what traffic we should expect from the client to BitTorrent Inc though :)

Uh, you'll see DNS traffic (some of it goes to utorrent.com too), and I guess we try to download the favicon for whatever search site is listed, at least in 2.2.

The rest is autoupdates and crash reports, but that goes to utorrent.com instead.


While I highly doubt this is anything to worry about, I do understand the reaction from plim121 here.

Asking a question like "What kind of communication goes from my client to its developers when I've shut off the options I can see for such communication?" shouldn't require a lot of "troubleshooting" and wireshark logs.

Surely the µTorrent developers should easily be able to answer what kind of communication between the µTorrent client and the BitTorrent Inc servers they have coded in?

Exactly my thoughts. I first noticed traffic on the 23rd of August. A week later I'm still using uTorrent. I don't think that answering what communication and why it occurs should be that hard... I did all You guys/gals asked me.

I'm pretty sure this is just DNS traffic.

My protocol knowledge isn't big but I can spot DNS traffic and this is definitely not.

Didn't run the sniffer for any extended period, but after removing the bittorrent.com search engine entry, I didn't notice anything specific at least. So guessing the µTorrent client is contacting the search engine?

Would of course be nice to see some confirmation from the devs on what traffic we should expect from the client to BitTorrent Inc though

I've got all search engines disabled.

Seriously? I've already posted about 4 above that one. Obviously I'm already familiar with the topic. You asked what was the purpose of the traffic and I pointed you to a way to find out. No need to snap at me, especially when you're the one wanting help on a topic that's at best trivial.

Recording with wireshark all uTorrent communication was first suggested by @DreadWingKnight. I did it. And more. I've already posted two replies with results before You suggested it. So sorry but my comment stands.

Uh, you'll see DNS traffic (some of it goes to utorrent.com too), and I guess we try to download the favicon for whatever search site is listed, at least in 2.2.

The rest is autoupdates and crash reports, but that goes to utorrent.com instead.

I'll tell it again if I need to. I've disabled DHT, automatic updates and sending detailed info when checking for updates. + to clarify I've got all search engines disabled too. It's not DNS traffic. uTorrent didn't crash.

And as @Archatos said: Would of course be nice to see some confirmation from the devs on what traffic we should expect from the client to BitTorrent Inc though.


Like I said, I didn't run the sniffer for too long, but with all the features I could find that would send any traffic to BitTorrent Inc disabled I didn't notice any traffic at all going there. I'll set up a filter to only include the IP addresses you provided and leave it running for a few hours to see if there is anything.


OK,

But given what the others are saying here, the question remains as to the nature of all those connections and why PeerBlock started blocking it now.

It is a reasonable request and I would suggest advisable to reassure uTorrent users with accurate details about them.


@DreadWingKnight I agree with You that using blocking software with your list of choice is no more than improving your mood and giving some false safety, but that is not the main topic.

I tested uTorrent in different setups and with different options, during download and upload. There are still outgoing connections to Bittorrent Inc server. The data is transferred to Bittorrent Inc server. The Bittorrent Inc server actively responds.

No one wants to answer why???? There are no devs on this forum?


It's starting to look as if they don't want to answer, which is why I urged them to.

As to blocking: the article referred to says that the info collected is evidence of activity, but not evidence for infringement. As far as I understand, the latter requires getting into your system and that's what blocking prevents.

If I am wrong, please correct me.

It looks like the risk is greater that the lists can't keep up with the monitors.


Here is a cap with a few transactions "home". Can you read this and tell us what's inside?

(both updates/reports disabled, 1 torrent DLing, 2 seeding, filtered IPs: 208.72.192.166/156, 67.215.233.130)

Thanks!

http://www.mediafire.com/?06ouiv90yark55o

Alternate location:

http://hostfil.es/file/15787/reporting-home-cap.html

http://hostfil.es/file/15788/reporting-home1-cap.htm


Just looked through your Capture, rafi.

Here's what happens

A few pings first to ensure connectivity (possibly a port check for the status light)

Then a check for update request

A server OK response (200) Acknowledging the sending of gzip data

(probably asking what version you are running)

Then a response from you sending out that you're running 20586

A resend, (apparently it failed first)

An acknowledgment of receipt and sending of current version stats indicating an update is not required.

A second update check 5 minutes later

A whole bunch of uPnP packets, (basically all blocked, probably by your router/firewall) Only packets leaving on 32457 arrive (your configured port)

A search on torrentz.com at packet 150

and then opening a page on this forum shortly after.

Only puzzling thing is why the uPnP packets are trying different ports than the configured.


The search uses a frame that is hosted on this site for the headers (notice the uTorrent search as the name of the page; only the actual search is on torrentz.com). If you block it then your searches probably won't work. And if you're blocking http traffic to that site then you could very well be blocking this forum as well, seeing as one of the packets referred to forums.utorrent.com in its request.

Went through your second post rafi.

There's no new update checks in this one. Still tons of uPnP packets though. Do you have uPnP and NAT on? Seeing as your connection is port-forwarded anyways you don't need them/should turn them off.

Edit - NM that Frame thing. I guess they removed it now. An older version was having issues with page sizes before, Guess that was the fix they went with.


Edit - NM that Frame thing. I guess they removed it now.

Are you referring to gui.bypass_search_redirect?

I'm assuming. There was an issue a couple weeks ago where people were getting the searches in a 1x1 inch frame. It was caused by broken html code in the redirect page. If you guys changed the default in advanced then it wouldn't do that anymore.

Still tons of uPnP packets though. Do you have uPnP and NAT on?

no

http://a.imageshack.us/img3/2972/61573983.png

PS: and yes, I'm on the IRC channel. But I thought that the uT port# point to uT alone...

Only some of the outgoing requests are from your utorrent port. (the ones that get through)

I guess it could be IRC, but why the random ports all over the place, it should still be sticking to one specific port should it not?

The reason I'm leaning towards those packets being uPnP is that the only intelligible data in them (it moves around a bit each packet) is the letters P N P, spaced differently or replaced in some cases, but always right near the end of the data.


I have confirmed that three peers are running in the 208.72.192.0/21 range allocated to BitTorrent, Inc. The addresses seen by me are 208.72.192.2, 208.72.192.156 and 208.72.192.166 and they appear in the peers list of many of my legally shared seeding swarms.

As this activity apparently conflicts with the stated intentions of the Privacy Policy as posted on this website…

 - a detailed technical explanation of the activity,
 - of Company intentions behind the activity,
 - and how BitTorrent, Inc. will ensure the activity conforms to the policy

…is now necessary in order to maintain public trust in the company and the µTorrent software.

I call upon members of the executive staff or owners to reply in detail to the listed points. A full week to consult technical staff and counsel in order to compose a suitable reply should be sufficient.

Failure to respond within seven days and within this thread in view of the public by identified executive staff or listed ownership of BitTorrent, Inc., deletion of this post or thread, closure of this thread, any attempt in public or in private to suppress and avoid this public challenge or actions and omissions to break communication with me in any way will be construed and subsequently publicized as implicit admission that a breach of the Privacy Policy as posted has occurred without intentions to rectify the actions or clarify their purpose. Communications in private by email is not expressly forbidden but the issue is that of public trust; therefore public response is both warranted and necessary under the circumstances. Put simply, I am giving you no choice but to explain it here.

I sincerely hope for a reasonable explanation and we all eagerly await a detailed response.

All forums staff should refrain from comment, forward this message to the company directly to be handled as they see fit, and then wait for direction from the company. This is a matter for company leaders or directors to address and so is addressed to them directly in this public forum as this is the most appropriate place for matters of public trust and company policy concerning the privacy of forum members and users of µTorrent.

"Bittorrent Inc. Privacy Challenge,txt" (filed Thursday, Sept 9, 2010 for conditional release Thursday, Sept 16, 2010)

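Added example, not part of any post in this thread: a small Python classifier for the question argued above (is the traffic DNS, UPnP, HTTP, or BitTorrent peer connections?), keyed on the 208.72.192.0/21 range quoted in the last post. The packets are constructed test data with zeroed checksums; the local address 192.168.1.10, the payloads and every port except 32457 are assumptions.

```python
import ipaddress
import struct
from collections import Counter

# Range quoted in the thread as allocated to BitTorrent, Inc.
WATCHED = ipaddress.ip_network("208.72.192.0/21")

def classify(pkt: bytes):
    """Return (watched remote IP or 'elsewhere', label) for one raw IPv4 packet."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst = (ipaddress.ip_address(pkt[i:i + 4]) for i in (12, 16))
    remote = next((str(a) for a in (dst, src) if a in WATCHED), "elsewhere")
    if proto == 17:                                   # UDP, fixed 8-byte header
        ports, data = struct.unpack("!HH", pkt[ihl:ihl + 4]), pkt[ihl + 8:]
        if 53 in ports:
            return remote, "dns"
        if data.startswith((b"M-SEARCH ", b"NOTIFY ")):
            return remote, "ssdp/upnp"
        return remote, "udp-other"
    if proto == 6:                                    # TCP, data offset in 32-bit words
        data = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]
        if data.startswith(b"\x13BitTorrent protocol"):
            return remote, "bt-peer-handshake"
        if data.startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/")):
            return remote, "http"
        return remote, "tcp-other"
    return remote, "ip-proto-%d" % proto

def summarize(packets):
    """Count packets per (remote, label) so traffic to the watched range stands out."""
    return Counter(classify(p) for p in packets)

# --- constructed sample packets (checksums zeroed, addresses illustrative) ---
def ip_pkt(src, dst, proto, l4):
    a, b = (ipaddress.ip_address(x).packed for x in (src, dst))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, a, b) + l4
def udp(sp, dp, data):
    return struct.pack("!HHHH", sp, dp, 8 + len(data), 0) + data
def tcp(sp, dp, data):
    return struct.pack("!HHIIBBHHH", sp, dp, 0, 0, 0x50, 0x18, 8192, 0, 0) + data

ME = "192.168.1.10"  # assumed local address
SAMPLE = [
    ip_pkt(ME, "208.72.192.166", 6, tcp(50000, 80, b"GET / HTTP/1.1\r\n\r\n")),
    ip_pkt("208.72.192.156", ME, 6, tcp(40000, 32457, b"\x13BitTorrent protocol" + bytes(48))),
    ip_pkt(ME, "208.72.192.2", 17, udp(32457, 6881, b"\x01\x00" + bytes(18))),
    ip_pkt(ME, "239.255.255.250", 17, udp(50001, 1900, b"M-SEARCH * HTTP/1.1\r\n")),
    ip_pkt(ME, "192.168.1.1", 17, udp(50002, 53, bytes(12))),
]
```

Calling `summarize(SAMPLE)` separates the three watched addresses (HTTP, peer handshake, unclassified UDP) from the SSDP and DNS packets that never touch the range.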

Archived

This topic is now archived and is closed to further replies.

