This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 24 and 25
Revision 24 as of 2008-02-25 20:25:03
Size: 4104
Editor: slam
Comment:
Revision 25 as of 2008-02-26 06:27:12
Size: 1264
Editor: ip65-47-164-46
Comment: kyexgf
##language:en
= BitTorrent =

BitTorrent is a protocol designed for transferring files. It is peer-to-peer in nature, as users connect to each other directly to send and receive portions of the file. However, there is a central server (called a tracker) which coordinates the action of all such peers. The tracker only manages connections and does not have any knowledge of the contents of the files being distributed, so a large number of users can be supported with relatively limited tracker bandwidth.

A recent extension to BitTorrent is the DHT ("distributed sloppy hash table", or simply UDP tracker) protocol, a UDP-based peer-to-peer tracker protocol.

== History ==

In April 2001 Bram Cohen designed the BitTorrent protocol, which he implemented in summer 2002. The first program to use the protocol was the original [http://www.bittorrent.com/download BitTorrent client]. Today many applications are available, and the protocol is widely used.

== Protocol dependencies ==

 * ["TCP"]: Typically, BitTorrent uses ["TCP"] as its transport protocol. The well-known TCP ports for BitTorrent traffic are 6881-6889 (and 6969 for the tracker port). The DHT extension (peer2peer tracker) uses various UDP ports negotiated by the peers.

== Example traffic ==

XXX - Add example traffic here (as plain text or Wireshark screenshot).

== Wireshark ==

The BitTorrent dissector is (fully functional, partially functional, not existing, ... whatever the current state is). The DHT extension is currently not decoded.

== Preference Settings ==

 * ["Reassemble BitTorrent messages spanning multiple TCP segments"]
 * ["Decode the peer_id of the handshake messages"]
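
Added example (not part of the original wiki page and not Wireshark's code): a minimal Python check for the BitTorrent handshake signature at the start of a TCP payload, which also decodes the peer_id in the way the preference above refers to. The field layout follows the BitTorrent protocol specification rather than this page; the function names, the `-XXnnnn-` peer_id convention handling and the sample bytes are assumptions constructed for illustration.

```python
import struct

PSTR = b"BitTorrent protocol"                 # fixed protocol string of the handshake
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20   # length byte + pstr + reserved + info_hash + peer_id


def decode_peer_id(peer_id: bytes) -> str:
    """Decode the common '-XXnnnn-' client prefix; fall back to hex for other styles."""
    if peer_id[0:1] == b"-" and peer_id[7:8] == b"-" and peer_id[1:7].isalnum():
        client, version = peer_id[1:3].decode(), peer_id[3:7].decode()
        return f"{client} {version}"
    return peer_id.hex()


def parse_handshake(payload: bytes):
    """Return a dict for a BitTorrent handshake at the start of a TCP payload, else None."""
    if len(payload) < HANDSHAKE_LEN:
        return None                       # truncated segment: reassemble the TCP stream first
    if payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None                       # signature mismatch: not a BitTorrent handshake
    reserved, info_hash, peer_id = struct.unpack_from("8s20s20s", payload, 20)
    return {
        "info_hash": info_hash.hex(),
        "peer_id": decode_peer_id(peer_id),
        "dht": bool(reserved[7] & 0x01),  # DHT support bit in the reserved field
    }


# Constructed sample payloads (not taken from the capture files on this page).
SAMPLE_HANDSHAKE = (
    bytes([19]) + PSTR
    + bytes([0, 0, 0, 0, 0, 0, 0, 0x01])   # reserved bytes, DHT bit set
    + bytes(range(20))                      # placeholder info_hash
    + b"-XX0001-" + b"abcdefghijkl"         # placeholder peer_id
)
SAMPLE_HTTP = b"GET /announce?info_hash=... HTTP/1.1\r\n" + b" " * 40

if __name__ == "__main__":
    for name, data in (("handshake", SAMPLE_HANDSHAKE), ("http", SAMPLE_HTTP)):
        print(name, parse_handshake(data))
```

Because the check looks at the payload rather than the port, it also recognises handshakes on ports outside the default 6881-6889 range.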

== Example capture files ==

attachment:SampleCaptures/BitTorrent.Transfer1.cap (Microsoft Network Monitor) Here's a capture with a few BitTorrent packets; it contains some small packets I got whilst downloading something on BitTorrent.

attachment:SampleCaptures/BITTORRENT.pcap (libpcap) Capture file of two torrent clients communicating without DHT or peer exch.

== Display Filter ==
A complete list of BitTorrent display filter fields can be found in the [http://www.wireshark.org/docs/dfref/b/bittorrent.html display filter reference].

 Show only the BitTorrent based traffic: {{{
 bittorrent }}}

Note: implemented in Wireshark post 0.10.12!

== Capture Filter ==

You cannot directly filter BitTorrent protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

 Capture only the BitTorrent tracker traffic over one of the default ports (e.g. 6881): {{{
 tcp port 6881 }}}

 Capture the BitTorrent tracker traffic over the range of default ports (e.g. 6881-6889): {{{
 tcp portrange 6881-6889 }}}

 This works when using libpcap 0.9.1 or later or WinPcap 3.1 or later; that expression won't work with older versions of libpcap or WinPcap. On Windows, upgrade to WinPcap 3.1 or later; on UN*X, upgrade to libpcap 0.9.x if possible. If that is not possible and you have a version of libpcap prior to 0.8.1, use {{{
 (tcp[0:2] >= 6881 and tcp[0:2] <= 6889) or (tcp[2:2] >= 6881 and tcp[2:2] <= 6889) }}}

 (a bug in the libpcap optimizer in libpcap 0.8.x means this won't work with libpcap 0.8.x, although you might be able to use tcpdump with the "-O" flag).
 
== External links ==

 * [http://www.bittorrent.com/] the official BitTorrent page
 * [http://en.wikipedia.org/wiki/Bittorrent Wikipedia Bittorrent page]
 * [http://userpages.umbc.edu/%7Ehamilton/btclientconfig.html How BitTorrent Works] about P2P in general, BitTorrent and firewall settings
 * [http://www.bittorrent.org/Draft_DHT_protocol.html distributed sloppy hash table protocol] UDP based BitTorrent extension for distributed trackers (the UDP port number is negotiated)
 * [http://hippie.oofle.com/protocols/bittorrent Hippie protocol signature description] the TCP and UDP protocol signatures which might be used to heuristically identify the BitTorrent protocol
 * [http://blog.eukhost.com/2006/09/22/bittorrent More on BitTorrent]
----
CategoryTemplate

BitTorrent (last edited 2019-03-18 22:16:09 by JimDeLaHunt)