This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 19 and 20
Revision 19 as of 2007-04-19 13:04:56
Size: 4114
Editor: dhcp-246-201
Comment:
Revision 20 as of 2008-02-09 10:59:42
Size: 90
Editor: 202
Comment: wfmihg
##language:en
= BitTorrent =

BitTorrent is a protocol designed for transferring files. It is peer-to-peer in nature, as users connect to each other directly to send and receive portions of the file. However, there is a central server (called a tracker) which coordinates the action of all such peers. The tracker only manages connections; it does not have any knowledge of the contents of the files being distributed, and therefore a large number of users can be supported with relatively limited tracker bandwidth.

A recent extension to BitTorrent is the DHT ("distributed sloppy hash table", also simply called UDP tracker) protocol, a UDP-based peer-to-peer tracker protocol.

== History ==

In April 2001 Bram Cohen designed the BitTorrent protocol, which he implemented in summer 2002. The first program to use the protocol was the original [http://www.bittorrent.com/download BitTorrent client]. Today many applications are available, and the protocol is widely used.

== Protocol dependencies ==

 * ["TCP"]: Typically, BitTorrent uses ["TCP"] as its transport protocol. The well-known TCP ports for BitTorrent traffic are 6881-6889 (and 6969 for the tracker port). The DHT extension (peer2peer tracker) uses various UDP ports negotiated by the peers.

== Example traffic ==

XXX - Add example traffic here (as plain text or Wireshark screenshot).

== Wireshark ==

The BitTorrent dissector is (fully functional, partially functional, not existing, ... whatever the current state is). The DHT extension is currently not decoded.

== Preference Settings ==

 * ["Reassemble BitTorrent messages spanning multiple TCP segments"]
 * ["Decode the peer_id of the handshake messages"]

== Example capture files ==

attachment:SampleCaptures/BitTorrent.Transfer1.cap (Microsoft Network Monitor) Here's a capture with a few BitTorrent packets; it contains some small packets I got whilst downloading something on BitTorrent.

attachment:SampleCaptures/BITTORRENT.pcap (libpcap) Capture file of two torrent clients communicating without DHT or peer exch.

== Display Filter ==
A complete list of BitTorrent display filter fields can be found in the [http://www.wireshark.org/docs/dfref/b/bittorrent.html display filter reference].

 Show only the BitTorrent based traffic: {{{
 bittorrent }}}

Note: implemented in Wireshark post 0.10.12!

== Capture Filter ==

You cannot directly filter BitTorrent protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

 Capture only the BitTorrent tracker traffic over one of the default ports (e.g. 6881): {{{
 tcp port 6881 }}}

 Capture the BitTorrent tracker traffic over the range of default ports (e.g. 6881-6889): {{{
 tcp portrange 6881-6889 }}}

 The portrange expression works when using libpcap 0.9.1 or later or WinPcap 3.1 or later; it won't work with older versions of libpcap or WinPcap. On Windows, upgrade to WinPcap 3.1 or later; on UN*X, upgrade to libpcap 0.9.x if possible. If that is not possible and you have a version of libpcap prior to 0.8.1, use {{{
 (tcp[0:2] >= 6881 and tcp[0:2] <= 6889) or (tcp[2:2] >= 6881 and tcp[2:2] <= 6889) }}}

 (a bug in the libpcap optimizer in libpcap 0.8.x means this won't work with libpcap 0.8.x, although you might be able to use tcpdump with the "-O" flag).
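
The port-based capture filters above only see clients that stay on the default ports. The following added example (not part of the original page or of Wireshark) applies the same `tcp[0:2]` / `tcp[2:2]` port test to a raw TCP segment and, separately, recognises the BitTorrent handshake (length byte 19, the string "BitTorrent protocol", 8 reserved bytes, 20-byte info_hash, 20-byte peer_id) so the peer_id can be decoded on any port. It assumes the whole 68-byte handshake sits in one segment; the function names and sample segments are constructed for illustration.

```python
import struct

BT_PSTR = b"\x13BitTorrent protocol"   # pstrlen (19) followed by the protocol string
HANDSHAKE_LEN = 68                      # 1 + 19 + 8 reserved + 20 info_hash + 20 peer_id

def port_filter_matches(segment, lo=6881, hi=6889):
    """Same test as the byte-offset filter: tcp[0:2] is the source port, tcp[2:2] the destination."""
    if len(segment) < 4:
        return False
    src, dst = struct.unpack_from("!HH", segment, 0)
    return lo <= src <= hi or lo <= dst <= hi

def tcp_payload(segment):
    """Skip the TCP header using the data-offset nibble in byte 12 (32-bit words)."""
    if len(segment) < 20:
        return b""
    header_len = (segment[12] >> 4) * 4
    if header_len < 20:          # malformed data offset
        return b""
    return segment[header_len:]

def parse_handshake(payload):
    """Return the handshake fields, or None if the payload does not start with a handshake."""
    if len(payload) < HANDSHAKE_LEN or not payload.startswith(BT_PSTR):
        return None
    return {
        "reserved": payload[20:28].hex(),
        "info_hash": payload[28:48].hex(),
        "peer_id": payload[48:68].decode("latin-1"),  # peer_id is 20 arbitrary bytes
    }

def classify(segment):
    """Return (port filter verdict, handshake dict or None) for one TCP segment."""
    return port_filter_matches(segment), parse_handshake(tcp_payload(segment))

def build_segment(sport, dport, payload):
    """Constructed sample: minimal 20-byte TCP header without options, then the payload."""
    header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return header + payload

# Constructed sample data, not taken from a real capture.
SAMPLE_HANDSHAKE = BT_PSTR + bytes(8) + bytes(range(20)) + b"-XX0001-abcdefghijkl"
ON_DEFAULT_PORT = build_segment(51000, 6881, SAMPLE_HANDSHAKE)
OFF_DEFAULT_PORT = build_segment(51000, 40000, SAMPLE_HANDSHAKE)
NOT_BITTORRENT = build_segment(51000, 6885, b"GET / HTTP/1.1\r\n\r\n")

if __name__ == "__main__":
    for name in ("ON_DEFAULT_PORT", "OFF_DEFAULT_PORT", "NOT_BITTORRENT"):
        print(name, classify(globals()[name]))
```

The second sample is missed by the port filter but still identified by its handshake, and the third passes the port filter without being BitTorrent at all.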
 
== External links ==

 * [http://www.bittorrent.com/] the official BitTorrent page
 * [http://en.wikipedia.org/wiki/Bittorrent Wikipedia Bittorrent page]
 * [http://userpages.umbc.edu/%7Ehamilton/btclientconfig.html How BitTorrent Works] about P2P in general, BitTorrent and firewall settings
 * [http://www.bittorrent.org/Draft_DHT_protocol.html distributed sloppy hash table protocol] UDP based BitTorrent extension for distributed trackers (the UDP port number is negotiated)
 * [http://hippie.oofle.com/tiki-index.php?page=BitTorrent Hippie protocol signature description] the TCP and UDP protocol signatures which might be used to heuristically identify the BitTorrent protocol
 * [http://blog.eukhost.com/2006/09/22/bittorrent More on BitTorrent]
----
CategoryTemplate

BitTorrent (last edited 2019-03-18 22:16:09 by JimDeLaHunt)