How to Identify Users Running BitTorrent


Since the release of Routeros 6.39, the P2P feature has been removed from the mangle & firewall rules. Therefore, the only way to filter BitTorrent traffic now is to use the layer7 protocol. The code below along with the firewall filter rule will allow you to identify users who are BitTorrenting on you network.

^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]