How would you trace a P2P computer?

[fastman]

Two computers using say Kazaa. Would it be in your logs if enabled? Hope I'm explaining this right.

 

[alrox]

you can look on your router(firewall) activity/logs/whatever page to see if anyone is doing a lot of traffic to the port kazaa uses, not sure which one it is though.

 

[fastman]

Ahh thats one way I'm sure, thanks.

 

[mboy]

What do u have as far as logging goes?
Anyway, port 1214 is what u will be lookin for.

 

[Gand1]

Unfortunately port 1214 is not the only port. The latest incarnations of this troublesome application now can port hop. If it has problem communicating on one port it will hop to another port until it gets a clean line of communication. On top of that, they have the ability to mask as HTTP, Oracle and other traffic. Sorry for the "optomistic" outlook but yes it should be in your logs and if you sniff for it you should be able to see it as well. Ethereal is a nice free Win32 sniffer if you don't have anything else.

 

[fastman]

I now have ethereal, but don't a have any instructions for it. I looked at it's web site Anyone know an easily understandable guide to it?