This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.

BitTorrent

BitTorrent is a protocol designed for transferring files. It is peer-to-peer in nature, as users connect to each other directly to send and receive portions of the file. However, there is a central server (called a tracker) which coordinates the action of all such peers. The tracker only manages connections, it does not have any knowledge of the contents of the files being distributed, and therefore a large number of users can be supported with relatively limited tracker bandwidth.

A recent extension to BitTorrent is the DHT ("distributed sloppy hash table" or simply called UDP tracker) protocol. A UDP based peer to peer tracker protocol.

History

In April 2001 Bram Cohen designed the BitTorrent protocol, which he implemented summer 2002. The first program to use the protocol was the original [http://www.bittorrent.com/download BitTorrent client]. Today many applications are availiable, and the protocol is widely used.

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The BitTorrent dissector is (fully functional, partially functional, not existing, ... whatever the current state is). The DHT extension is currently not decoded.

Preference Settings

*["Reassemble BitTorrent messages spanning multiple TCP segments"] *["Decode the peer_id of the handshake messages"]

Example capture file

attachment:BITTORRENT.pcap

Display Filter

A complete list of BitTorrent display filter fields can be found in the [http://www.wireshark.org/docs/dfref/b/bittorrent.html display filter reference]

Note: implemented in Wireshark post 0.10.12!

Capture Filter

You cannot directly filter BitTorrent protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.