I don't think he is monitoring the network 24/7, but if you're gonna download torrents, he will see a huge traffic usage increase and might get suspicious. But I think he cannot tell the difference if it's HTTP packets or other kind of packets.
They dont need to monitor anything for 24/7 manually, this is why we have logs and alert systems. The thing here is, torrenting in itself is not illegal. The torrent protocol is a perfectly legal and great protocol for sharing files in a distrebuted maner. You know.. Its the entire "guns dont kill people, people do" dilemma. And telling the difference between HTTP packets and torrent packets is very much possible. Routers, switches and software are getting very smart these days..
No he cannot see such details. He can see your IP (which computer) and the packets, but if the "network admin" isn't very skilled then don't bother with this shit and just download, because you have to know your stuff to analyze the packets so quickly and do it every minute... very unlikely he is watching you every minute dude...
You're too paranoid.
Yes he can, the torrent protocol, by default, is plain text.
Any decent switch/router could easely be configured to dump all traffic to a network management port to setup a NIDS system where torrent detection among other things would be easy to set up. Thing is, you dont really need a super computer to parse 1gbps anymore.. I could do it with my 11" laptop.
I will quote myself: "They dont need to monitor anything for 24/7 manually, this is why we have logs and alert systems.". And in your case I will even change that just slightly to "They dont need to monitor anything for 24/7 manually, this is why we have network packet analyzers, IDS's, IPS's, firewalls, logs and alert systems."
Torrent tracking is not something a few annoying network admins do anymore, it is being done on a huge scale by huge international ISP's. So I dissagree, he is not being too paranoid.
Hi Hanio,
it all depends on what your administrator is doing. Do you need to use a proxy for accessing the internet? I guess not cause typically the ports used by torrent wouldn't be open. Torrent uses many different ports and connects to a lot of different IP address during downloading. This is suspicious behavior which should get recognized by every type of intrusion detection/prevention system, firewall and proxy. I haven't looked into torrent traffic but you can download a sample capture here: http://wiki.wireshark.org/BitTorrent ... I haven't found the name of the downloaded file in it. But I am sure that there are ways. You need to download the .torrent file first and import it to your client? (I really have not much experience with torrent). If your administrator takes a look at the traffic your client produced before the download started he is maybe able to find the download of the .torrent file. At least he could see the url the file is from.
but as Kulverstukas said I would not worry to much about it. Don't think your admin is capturing all the time. If he gets an alert and starts sniffing then he can see that you are using torrent but it would be to late to see which file you are downloading. But as I said at the beginning... it all depends on what your admin is doing/running.
Hope this helps
The usage of a proxy is not really relevant to whether or not he can download torrents or be cought downloading torrents. You dont need open ports at all to download torrents, reverse connection and UPnP takes care of all those problems. However, things are quite easier for the client if you have the correct port(s) open, some even claim it increeses the download speed.
The thing is, you do no longer need to download the .torrent file, its this new stuff TPB(among others) are doing with magnet links that is the main focus in this topic; Whether or not a network administrator can see when a user clicks the magnet link. And the answer is no, he can not.
However, without being any expert on the torrent protocol. I am pretty sure a decent network admin would be able to see the torrent tracker information gathering process anyway, and by that, maybe even the file names. But once again, I am no expect and I know you can turn on forced encryption in most good torrent clients, and I guess this MIGHT even encrypt the tracking process. I dont know.
