Monitoring BitTorrent Traffic with ntopng


ntopng has been designed not just for network administrators, but also for small companies and, in particular, for families. How often have you seen traffic on your network that you did not expect and asked yourself what it was about? A good example is BitTorrent traffic, which can be used for efficiently downloading files in general and not just copyright-protected content (unfortunately, this is how the protocol is usually perceived by the network community). If you are wondering what your colleagues/children are downloading using BitTorrent, ntopng can now help you.

In the latest development version, ntopng (thanks to nDPI) can now decode (and not just detect) BitTorrent traffic, extract the hashId of the files being searched/downloaded, and tell you which file it is. Of course, if you use -F, this information is saved in MySQL so that you can run your queries on it.
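To show what "decode and not just detect" involves, here is an added example (not nDPI or ntopng code) that pulls the 20-byte hash out of a packet payload. It assumes the two standard places the hash appears on the wire, the BEP 3 peer handshake and the BEP 5 DHT `info_hash` key; the page does not say which messages nDPI parses, and `bt_extract_hash` is a hypothetical name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 20

/* Find needle in a binary buffer (payloads may contain NUL bytes). */
static const uint8_t *find(const uint8_t *p, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; m <= n && i <= n - m; i++)
        if (memcmp(p + i, needle, m) == 0) return p + i;
    return NULL;
}

/* Returns 1 and writes 40 hex chars + NUL to out if a hash is found, else 0. */
int bt_extract_hash(const uint8_t *p, size_t n, char out[2 * HASH_LEN + 1]) {
    /* Literal is split so "\x13" is not read as the hex escape \x13B. */
    static const char hs[] = "\x13" "BitTorrent protocol"; /* BEP 3 prefix */
    static const char dht[] = "9:info_hash20:";            /* BEP 5 bencoded key */
    const uint8_t *h = NULL, *k;

    if (n >= 20 + 8 + HASH_LEN && memcmp(p, hs, 20) == 0)
        h = p + 20 + 8;              /* skip prefix and 8 reserved bytes */
    else if ((k = find(p, n, dht)) != NULL &&
             (size_t)(p + n - k) >= strlen(dht) + HASH_LEN)
        h = k + strlen(dht);         /* hash follows the "20:" length tag */
    if (h == NULL) return 0;         /* not BitTorrent, or payload truncated */

    for (int i = 0; i < HASH_LEN; i++)
        sprintf(out + 2 * i, "%02x", (unsigned)h[i]);
    return 1;
}

int main(void) {
    /* Constructed sample: 68-byte handshake carrying hash bytes 0x00..0x13. */
    uint8_t pkt[68] = {0};
    char hex[2 * HASH_LEN + 1];
    memcpy(pkt, "\x13" "BitTorrent protocol", 20);
    for (int i = 0; i < HASH_LEN; i++) pkt[28 + i] = (uint8_t)i;
    if (bt_extract_hash(pkt, sizeof pkt, hex)) printf("info_hash=%s\n", hex);
    return 0;
}
```

The 40-character hex string it produces has the same form as the hash shown in the flow's Info column.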

If you have BitTorrent traffic on your network, you can check it from the interface stats or by looking at the flows, where the Info column shows a hash.

The full hash is displayed when you click the blue Info button: you will see the flow information, and the BitTorrent hash becomes a clickable hyperlink.

If you are wondering how to map the hashId to a file name (so you know what file has been downloaded), you can click on the hash hyperlink and Google will tell you which file is being downloaded.

Now you know how to monitor your colleagues'/children's downloads and decide whether they are appropriate.

Happy downloading!