confused about open TCP connections and netstat results

[wldcat2]

I guess I don't understand something here. I have uTorrent (1.1.5) set to listen to port 49155 and my router set to forward traffic on that port to my computer.

However, I am downloading a file off bitmetv.org, connected to 11 seeds and 4 peers and when I run a netstat there are no connections on port 49155, they are all on ports around 1477-1493. I realize that my outgoing traffic can be on any port but when shouldn't I have some traffic on 49155?

Furthermore, when I look at the bitmetv home page it says that I am not connectable which means I am firewalled and cannot accept incoming connections. But my software firewall is turned off and the router is set to forward the traffic. I also tried the same torrent with ABC and I was connectable and had traffic on the proper ports.

Any ideas?

[Firon]

Only incoming connections will use the port you set, since it's the port it listens on for peers. Outgoing connections use a random port number.

[creed]

Hi

I was going to ask the same question as wldcat2...

I dont understand your answer tho, if we Portforward a port...for example 64003, how can anything get out bar that Port , and why are all these Ports open..

I thought the whole point was 1 port in and 1 port out ?

Thanks

[wldcat2]

Well I do know that your router will allow any outgoing port; it's only the incoming ports that it cares about. A router blocks incoming traffic, a software firewall can block outgoing traffic.

Although I'm still wondering why there was no traffic on the port I had designated as my incoming port. I know that a lot of people consider it a huge security risk but I'm considering just enabling UPnP on my router and on uTorrent and letting it handle it. One reason for that is I often forget to disable port forwarding on that port when I am finished using uTorrent (or any other program).

[juju]

Hi

I was going to ask the same question as wldcat2...

I dont understand your answer tho, if we Portforward a port...for example 64003, how can anything get out bar that Port , and why are all these Ports open..

I thought the whole point was 1 port in and 1 port out ?

Thanks

Don't forget as many P2P applications, utorrent acts like a client AND a server.

that means it uses 1 port in/1 port out only from/to your side

in other words, 4 cases happen when you use any bittorent software(often abusively named "client") :

1 . Your BT soft connects to peers and sends data from your single port to the "client" port, whatever it is.

2 . Your BT soft connects to peers and receives data to your single port

from the "client" port, whatever it is.

3. The Peer (this time, he's the server) connects to your BT soft (this time, you're the client) and send data to your single port

4. The Peer (still the server) connects to your BT soft (you're still the client) and receives data from your single port

So, there'll always be connections coming from and sent to thousand of different ports, as everyone can choose, that's normal.

[creed]

Hi

Makes sense, I was being daft...

I didnt think UPnP was a big security risk, I thought you still named a port and UPnP sorted the router out if it was UPnP compatible.

Still dont know if Im 100% ok with uTorrent, it seems a bit neither here nor there, the footprint is great thats for sure.

I just tried Netstat, and I see my port with my comuter name, and loads of connections, so dunno whats up with yours

[wldcat2]

Not to hijack my own thread, but UPnP is considered a security risk on the router side, not uTorrent. Basically you are letting uTorrent decide which port to use, then open that port on your router. The reason this is considered a risk is because if you have UPnP enabled on your router, then any software (including malicious software) can open a port on your router to allow incoming traffic. And the frustrating part is, as far as I can tell, there is no way to know what port has been opened and by what program. Therefore a lot of people disable UPnP on the router and manually forward the port.

As for my netstat results, perhaps my numbers were skewed because of a relatively low number of connections at the time. It could just be that there were no incoming connections at that time.