[RUS ]nuclight: Torrent: альтернативный способ детектирования [how to detect torrent protocol by looking at tracker requests]
http://nuclight.livejournal.com/125747.html A way to detect BT protocol traffic – instead of looking at every packet, traffic to torrent tracker websites is redirected (via divert(4) ) and then analyzed. Analyzer script (PERL) produces the src_ip, dst_ip, dst_port triplet, this info can be used to produce firewall rules