|BitTorrent or Something Else?
|These days, regular old torrent clients which listen on 6881-6889 by default are disappearing. Nowadays better clients randomize the listen port, and can go trackerless using only DHT. Clients bootstrap the DHT network by contacting the bootstrap nodes when the client is started. The bootstrap nodes listen on port 6881 UDP.
|This is a port that the somewhat-popular P2P program BitTorrent listens on. As stated in the BitTorrent FAQ: <http://bitconjurer.org/BitTorrent/FAQ.html> "By default, BitTorrent listens on port 6881, trying incrementally higher ports if it's unable to bind. It gives up after 6889 (the port range is configurable.) It's up to you to figure out how to poke a hole in your firewall/NAT."
|The Blizzard downloader uses BitTorrent.
|World of Warcraft uses ports 6881 - 6999 for its Blizzard downloader, so my guess is an employee is trying to run Warcraft at work.
|Do a port capture on the port and see the data. The header should be "BitTorrent protocol".
|This is the default port for BT, but it can be changed to anything you want.
|I've seen over 500 emails from our D-Link router reporting 6881 hitting the router from outside in. We have NO BitTorrent anywhere in the system. There are 10 networked machines with 2 Windows 2003 servers running. Apache 1.3 with PHP and MailEnable are the only things running from outside in; several ports are individually blocked to the servers, including Microsoft Exchange. We run 2 DSL connections; the second router is a Zonet, which is reporting spikes, but we're still not sure what's hitting on that. The hits on port 6881 are all consistent with this info in the emails: "Drop TCP packet from WAN src:22.214.171.124:53339 dst:126.96.36.199:6881 Rule: Default deny". The high-end port number consistently changes. We're still looking into this only because the router keeps dropping the connection on the heavy spike. If further info is needed, please feel free to let us know. Thanks
|BitTorrent base port. Peer-to-peer file distribution system.
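
The capture check suggested in the comments above (the header should read "BitTorrent protocol") can be automated. The following is an added example, not part of the original comments: it tests whether a captured TCP payload opens with the BitTorrent peer handshake and whether a UDP payload looks like a DHT message. The function names and both sample payloads are constructed for illustration.

```python
# Added example (not from the original page): classify a captured payload.
PSTR = b"BitTorrent protocol"  # protocol string sent at the start of a peer handshake
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20  # length byte, pstr, reserved, info_hash, peer_id


def parse_bt_handshake(payload: bytes):
    """Return handshake fields if a TCP payload opens with a BitTorrent handshake, else None."""
    if len(payload) < 1 + len(PSTR) or payload[0] != len(PSTR):
        return None
    if payload[1:1 + len(PSTR)] != PSTR:
        return None
    fields = {"complete": len(payload) >= HANDSHAKE_LEN}
    if fields["complete"]:
        reserved = payload[20:28]
        fields["info_hash"] = payload[28:48].hex()
        fields["peer_id"] = payload[48:68]
        # BEP 5: the last bit of the reserved bytes advertises DHT support.
        fields["dht"] = bool(reserved[7] & 0x01)
    return fields


def looks_like_dht(payload: bytes) -> bool:
    """Heuristic for a DHT (KRPC) message: a bencoded dict with 't' and 'y' = q, r or e."""
    if not (payload.startswith(b"d") and payload.endswith(b"e")):
        return False
    return b"1:t" in payload and any(
        b"1:y1:" + kind in payload for kind in (b"q", b"r", b"e"))


def classify(payload: bytes, transport: str) -> str:
    """Label a payload by transport ('tcp' or 'udp'); the port number is deliberately ignored."""
    if transport == "tcp" and parse_bt_handshake(payload) is not None:
        return "bittorrent-handshake"
    if transport == "udp" and looks_like_dht(payload):
        return "bittorrent-dht"
    return "unknown"


# Constructed samples: a 68-byte handshake with the DHT bit set, and a DHT ping query.
SAMPLE_TCP = bytes([19]) + PSTR + bytes(7) + b"\x01" + bytes(range(20)) + b"-XX0001-" + b"0" * 12
SAMPLE_UDP = b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"

if __name__ == "__main__":
    print(classify(SAMPLE_TCP, "tcp"), parse_bt_handshake(SAMPLE_TCP))
    print(classify(SAMPLE_UDP, "udp"))
    print(classify(b"GET / HTTP/1.1\r\n\r\n", "tcp"))
```

Because the check looks at payload bytes rather than the port, it still applies to clients that randomize their listen port. A dropped inbound SYN like the router log quoted above carries no payload, so it can only be judged by port and volume.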