Archive for the 'divert' Category

[RUS ]nuclight: Torrent: альтернативный способ детектирования [how to detect torrent protocol by looking at tracker requests]

Wednesday, July 7th, 2010

A way to detect BT protocol traffic — instead of looking at every packet, traffic to torrent tracker websites is redirected (via divert(4) ) and then analyzed. Analyzer script (PERL) produces the src_ip, dst_ip, dst_port triplet, this info can be us…