Bittorrent and LAN help
 

My Bittorrent doesn't work well at all on my college LAN. It worked just fine on my computer before, but it seems like the LAN is seriously throttling the speeds that I download at. I don't think they are squelching the Bittorrent ports, because I have the same problem when I specify different ports (I just stuck a 1 in front of the default ports, which are somewhere around 6888, I think..)

Is there a way my LAN can determine what is Torrent traffic, and throttle that down? Does anybody have any advice on how I could get my Torrent working right again? I get NAT errors on all ports.. Is this a firewall issue? I have no firewalls on my computer at the moment..

Help!

That's the college's firewall. They have all the ports stealthed, at least, which means nothing can see if they're open. There's a pretty good chance that anything besides normal ports (80, whatever the other internet and FTP ports are) is closed.

Also, they probably have some form of packet shaper. They can determine what sort of traffic it is by seeing where the data is coming from, what size packets it comes in, etc. The priority for this type of traffic and for, say, games is set very low, whereas normal web browsing and email are significantly higher.

So basically, unless you can bed one of the IT staff and covince him/her to forward traffic through one specific port for you, you're SOL. I've heard rumors that setting up a proxy can help some of these issues, but I could never get it to work. I had the same problem transferring from the proxy as from anywhere else.

The common approach universities take is instead of restricting specific ports while allowing all, they will restrict everything and allow specific ports.

The ports you listed are both nonstandard, so you're probably being restricted under the "global restriction" policy. It takes a lot more effort to determine what program's data is flying through a port- I'm 99% positive that they don't know bittorent from anything else that would use the port.

NAT error is probably because you are part of the university's subnetwork. Other bittorent clients cannot determine your pc's IP. Probably because you don't have your own IP address. Instead you probalby have one for the local network and the school's mainframe exists as your gateway.

The NAT error could also be a result of you changing ports. It's not enough to change a port on the bittorent client and receive data- you have to get other clients to send you data on that port. This can't be done without changing the tracker to specify a different host port.

Unfortunatly, I believe you're out of luck. If you do manage to get bittorent working on some random port, the university would notice the abnormal change in network activity and block the port as a percaution. Universities are very much against Torrenting as it eats up bandwith needed for the rest of the campus.

Yep, and from the IT administrator's point of view, that's the right policy. Unless you have a reason for one of your ports to be open, it should be closed.

Sorry to say this, but you'll likely continue to have poor Bittorrent performance unless you can convince an IT person to open up the appropriate ports and forwarding them to your IP. In other words: you'll likely continue to have poor Bittorrent performance.

Thanks for the quick responses, guys. I expected to be told this.. Is it possible to change the port to something that wasn't blocked, maybe an email port, or something?

Small clarification- The NAT error isn't from my changing ports, it's always been there, even when using default ports. As for what you are saying about my IP.. You're probably right. I can get bittorrent traffic, however.. but it's usually ~1k/sec or less.

There are applications called packet shapers that can do Layer 7 (Application) examination of packets and determine what protocol they're for, no matter what port they're running on. It's entirely possible that no matter how you change the ports, they're still getting subjected to a much lower priority due to the P2P nature.

At my uni, web traffic gets the best priority, then things like mail and FTP, then unknown traffic, then games, then finally P2P. Even if you try to change the port to one that isn't blocked, you may still run into problems.

You could try running BT on port 80 (WWW) or 25 (SMTP) and see if that helps - but if they're doing Layer 7 inspection, it won't.

First thing I tried, and no luck. I've resigned myself to no P2P.

i wrote a little howto on useing bittorrent and DC thru firewall
check it out

http://animestan.7.forumer.com/viewtopic.php?t=251

One way is to make friends with your schools IT department, or get a job there.

To expand on what Pragma said, which I am in complete agreeance with him, packet inspection might be happening at mutiple layers.

The reality of modern application demands and capabilities require that firewalls with a much more intimate level of knowledge of the application payload. Emerging applications utilizing XML and Simple Object Access Protocol (SOAP) require the firewall to monitor the content within the packets at wire-speed. Additionally, applications which can change their communication ports in order to bypass outbound filtering or those which tunnel within commonly allowed ports (such as 80/TCP) must be monitored as well in order to provide for the maximum amount of security within the network.

To address the limitations of Packet-Filtering, Application Proxy, and Stateful Inspection, a technology known as Deep Packet Inspection (DPI) was developed. DPI operates at L3-7 of the OSI model. DPI engines parse the entire IP packet, and make forwarding decisions by means of a rule-based logic that is based upon signature or regular expression matching. That is, they compare the data within a packet payload to a database of predefined attack signatures (a string of bytes). Additionally, statistical or historical algorithms may supplement static pattern matching.

Analysis of packet headers can be done economically since the locations of packet header fields are restricted by protocol standards. However, the payload contents are, for the most part, unconstrained. Therefore, searching through the payload for multiple string patterns within the datastream is a computationally expensive task. The requirement that these searches be performed at wirespeed adds to the cost. Additionally, because the signature database is dynamic, it must be easily updateable. Promising approaches to these problems include a software-based approach (Snort implementing the Boyer-Moore algorithm), and a hardware-based approach (FPGA's running a Bloom filter algorithm).

DPI technology can be effective against buffer overflow attacks, denial of service (DoS) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet.

I guess that was more than you really were asking for, but I am assuming the college is probably running some pretty expensive equipment to span the student/staff/ faculty body. When I worked as a network admin. for the college I was attending, we setup multiple Cisco 5505 chassis with 48 port cards, dual supervisor engines, etc. Expensive equipment as well, and it can aid in doing packet inspection.

Anyway, yeah, it looks like you don't have much of an option if the school is doing any SPI or similar.

have you tried mirc?