BT stands for BitTorrent, a peer-to-peer (P2P) download application. Unlike traditional download methods such as FTP and HTTP, BT gets faster as the number of users grows. With FTP and HTTP, files are transmitted from the server to each client, which causes problems: more users require more bandwidth and higher server performance, and the load affects the stability of the server. As a result, many servers limit the number of users and the download speed, which is inconvenient for users. BT solves this problem at its root by sharing in a way similar to a pyramid scheme: while a user is downloading, that user is also uploading to other users, so the download speed does not drop as the number of users increases. In simple terms, the more people who are downloading, the faster the download.
When multiple users download with BT at the same time, they occupy a large amount of network bandwidth and seriously affect the normal operation of other users. Network staff often have no means to monitor or manage this, so the situation grows steadily worse and hinders normal business use. In some environments it is therefore necessary to strictly limit users' BT download traffic or to prohibit BT downloads completely.
To restrict BT applications, you must promptly locate the BT downloaders on the network so that the junk traffic can be reduced. The following describes two different methods.
1. Search based on application port
First, use the SNMP function of the switch to view the traffic on each switch port. Check which ports have a high utilization rate and what device is connected to each of them, then judge from experience whether the traffic is legitimate. Requirements: all network devices must be smart devices with the SNMP function enabled. Because this is a real-time view that does not show what the high-volume traffic actually contains, the result is not accurate and can only be used as a reference. Commonly used BT ports (TCP and UDP) include 1881 ~ 1889; 4661, 4662, 4665, 4672, 4711; 6881 ~ 6999; 77771 ~ 7999; 8881 ~ 8999; 16881 ~ 16999; 18881 ~ 18999.
Then connect a protocol analyzer or analysis software to the trunk link or WAN egress to see which applications are using these ports and which users are running them. However, the BT application port can be customized. If a user changes the application port, this method will not work.
2. Protocol analysis based on BT protocol behavior
First, connect an instrument with a protocol analysis function at an appropriate location to monitor the traffic. The interfaces in front of and behind the WAN router are suitable access points for a WAN analyzer. Several access techniques are available: you can use a TAP (3-way) connector, or you can use port mirroring on the network device to feed the data traffic to Fluke's integrated network analyzer.
After the connection is complete, make the necessary settings. The data needs to be filtered because the network carries a large volume of traffic. Set a filter in the protocol analyzer to capture TCP packets, which collects all data that may belong to BT, since TCP is the protocol used when a BT handshake message is sent. Next, capture the data. After the capture, apply a string filter in the protocol analysis software: enter the string "BitTorrent protocol" that follows the value 19, and filter the captured data with it. This string filter works because a BT handshake message consists of the number 19 followed by the string "BitTorrent protocol".
With this filter, you can catch every BT downloader. For more information about BT, see http://www.bittorw.com/protocol.html (BT protocol development instructions).
After filtering, the result appears in the hex decoding window. The entries marked with red lines are the IP addresses of the BT downloaders and the BitTorrent protocol they use.
In the detailed decoding window, the entries marked with red lines are the MAC address and IP address of the BT downloader's NIC. With the IP address and MAC address of the machine downloading with BT in hand, the administrator can quickly locate the BT downloader.
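The string filter described above can also be written as a short program. The following is an added example, not part of the original article and not taken from any analyzer product: it checks whether the TCP payload of a captured Ethernet/IPv4 frame begins with the byte 19 followed by "BitTorrent protocol" and reports the sender's MAC and IP address. The function names, the `build_frame` helper and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct

# A BT handshake starts with the length byte 19 (0x13), then the protocol string.
BT_PREFIX = b"\x13BitTorrent protocol"

def find_bt_handshake(frame: bytes):
    """Return (src_mac, src_ip, dst_ip, dst_port) for a BT handshake frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":    # too short or not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                               # IP header length (options allowed)
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:          # bad header or not TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]                                # excludes Ethernet padding
    if len(tcp) < 20:
        return None
    data_off = (tcp[12] >> 4) * 4                          # TCP header length (options allowed)
    if data_off < 20 or not tcp[data_off:].startswith(BT_PREFIX):
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    dst_port = struct.unpack("!H", tcp[2:4])[0]
    return src_mac, socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), dst_port

def build_frame(src_mac, src_ip, dst_ip, dst_port, payload):
    """Build a constructed test frame (checksums zero; matching ignores them)."""
    eth = bytes.fromhex("02005e000001" + src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", 50000, dst_port, 1, 1, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

# Constructed sample traffic (documentation addresses, made-up MACs).
HANDSHAKE = BT_PREFIX + b"\x00" * 8 + b"\xaa" * 20 + b"-XX0000-000000000000"
SAMPLE_FRAMES = [
    # BT peer on a customized port outside the commonly used ranges
    build_frame("02:00:5e:00:00:02", "192.0.2.10", "198.51.100.7", 8080, HANDSHAKE),
    # Non-BT traffic that happens to use port 6881
    build_frame("02:00:5e:00:00:03", "192.0.2.11", "198.51.100.8", 6881,
                b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

def scan(frames):
    """Return one hit tuple per frame that carries a BT handshake."""
    return [hit for hit in map(find_bt_handshake, frames) if hit]

if __name__ == "__main__":
    for mac, src, dst, port in scan(SAMPLE_FRAMES):
        print(f"BT handshake from {src} ({mac}) to {dst}:{port}")
```

The first sample frame is flagged even though it uses a customized port, while the second is ignored although it uses port 6881, which is the difference between the two methods described in this article.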
Webpage: www.flukenetworks.com.cn