This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 2
Revision 1 as of 2005-10-02 15:10:58
Size: 1868
Editor: UlfLamping
Comment: first content, please review
Revision 2 as of 2005-10-02 16:15:56
Size: 2058
Editor: UlfLamping
Comment: fix TCP ports used
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
 * ["TCP"]: Typically, BitTorrent uses ["TCP"] as its transport protocol. The well known TCP port for BitTorrent traffic is 6969 and 6881-6889.  * ["TCP"]: Typically, BitTorrent uses ["TCP"] as its transport protocol. The well known TCP port for BitTorrent traffic is 6881-6889.
Line 44: Line 44:
 Capture only the BitTorrent tracker traffic over the default port (6969): {{{
 tcp port 6969 }}}
 Capture only the BitTorrent tracker traffic over one of the default ports (6881): {{{
 tcp port 6881 }}}

XXX - how to filter the tcp port range 6881-6889?
Line 54: Line 56:

I've seen the usage of the TCP port 6969 while using BitTorrent. Is this the new web based tracker or simply a virus? - ''UlfLamping''

BitTorrent

XXX - add a brief BitTorrent description here

History

XXX - add a brief description of BitTorrent history

Protocol dependencies

  • ["TCP"]: Typically, BitTorrent uses ["TCP"] as its transport protocol. The well known TCP port for BitTorrent traffic is 6881-6889.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).

Ethereal

The BitTorrent dissector is (fully functional, partially functional, not existing, ... whatever the current state is).

Preference Settings

(XXX add links to preference settings affecting how PROTO is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

  • attachment:SampleCaptures/PROTO.pcap

Display Filter

A complete list of BitTorrent display filter fields can be found in the [http://www.ethereal.com/docs/dfref/b/bittorrent.html display filter reference]

  • Show only the BitTorrent based traffic:

     bittorrent 

Note: implemented in Ethereal post 0.10.12!

Capture Filter

You cannot directly filter BitTorrent protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture only the BitTorrent tracker traffic over one of the default ports (6881):

     tcp port 6881 

XXX - how to filter the tcp port range 6881-6889?

Discussion

I've seen the usage of the TCP port 6969 while using BitTorrent. Is this the new web based tracker or simply a virus? - UlfLamping

BitTorrent (last edited 2019-03-18 22:16:09 by JimDeLaHunt)