LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   traffic analysis assistance request (http://www.linuxquestions.org/questions/linux-networking-3/traffic-analysis-assistance-request-383106/)

Strider22 11-14-2005 02:20 PM

traffic analysis assistance request
 
I'm new to IPtraf and am puzzled by these reports.
Is my router redirecting all bittorrent upload
requests to my web server?

The web server is internal 192.168.1.99
The torrent client is 192.168.1.107

IPTraf shows

TCP
192.168.1.99:6881 = 0 0 ---- eth0
62.113.134.245:2211 = 1 48 S--- eth0
192.168.1.99:6881 = 0 0 ---- eth0
86.34.3.84:56882 = 1 48 S--- eth0
192.168.1.99:5000 = 0 0 ---- eth0
69.157.126.164:3038 = 1 48 S--- eth0
69.72.142.98:80 = 2 112 --A- eth0
192.168.1.99:1148 = 3 355 -PA- eth0
85.165.163.249:26098 = 1 48 S--- eth0
192.168.1.99:6881 = 1 40 RESET eth0

UDP (86 bytes) from
62.38.115.75:21594 to 192.168.1.99:6881 on eth0

Yet my router shows that 192.168.1.107 is
generating the traffic on port 6881,
which I believe is a bit torrent application

192.168.1.107 81.231.39.3 6881
192.168.1.107 81.233.247.202 26926
192.168.1.107 60.50.33.137 12666
192.168.1.107 70.31.107.184 6881
192.168.1.99 24.224.180.195 3406
192.168.1.107 82.78.103.199 45638
192.168.1.107 24.81.143.82 49152
192.168.1.107 68.20.177.133 26881
192.168.1.107 65.67.102.112 6881
192.168.1.107 203.203.103.143 6881
192.168.1.107 85.16.24.252 6881
192.168.1.107 72.224.138.26 61173
192.168.1.99 83.92.190.91 1100
192.168.1.107 80.202.131.137 6881

Does this mean that my router is sending all the
upload requests to the web server in the DMZ?

Why does the UDP window show that port 6881 is being
addressed on the web server?


All times are GMT -5. The time now is 03:10 AM.