Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

The Wireshark bittorrent dissector uses two methods to identify bittorrent traffic:

  1. It uses a range of TCP ports
  2. It uses a heuristic analysis of the packet consisting of:
    1. minimum payload length
    2. a length indication
    3. an identification string

If there are others, these are not (yet) implemented in the dissector.