is deluge-torrent misbehaving? unexpected network traffic
Posted: Tue Apr 08, 2008 8:45 pm
Hi all,
I've been using Deluge (switched from Azureus) for a while. I love its functionality, light weight, and speed. However, I realized that Deluge may be misbehaving by generating unwanted network traffic (when Deluge is not running) and I would like to get some confirmation here.
My original post about unwanted traffic can be found here: http://ubuntuforums.org/showthread.php? ... ne+network
At the end of that post, you'll find a Wireshark capture of my network activity. Simply put, as soon as my Ubuntu 710 is booted, I get A LOT of network activity through the torrent port. This is before a user even logs in (i.e. no IMs, www browsers, torrent client, etc.). Something is consuming about 15% of my bandwidth through my torrent port and I suspect it was DHT traffic. Since I only use Deluge (and Deluge is the only program other than my firewall that is aware of this particular open port), I suspect Deluge is misbehaving. Why would I get traffic through my torrent port when Deluge (and no other torrent client) is NOT running?
The only way to stop this traffic is to change the port-forwarding on my router, close the port on my internal firewall, and change the torrent port on Deluge (and open the port on firewall/router accordingly). And SURE ENOUGH, as long as Deluge has been executed, I always get this unwanted traffic through the *new* torrent port, even when Deluge is NOT running. Even after reboot.
Perhaps there is a trojan installed on my computer, but this trojan (if it exists) must be linked to Deluge somehow since it is able to discover the newly opened port.
I would like to get some idea on why I am getting unexpected network traffic through my torrent port. Any help is very much appreciated. I'm willing to supply any missing information.
P.S. I'm using Deluge 5.8.6, but have observed this behaviour since Christmas 07.
Thank you,