detecting P2P software use on my home network?

is there a way i can detect/stop use of P2P software on my home network. We are all running win xppro machines with a netgear ADSL filewall router DG834. I can't really install software on each machine so ideally something i can do to the router or from my machine...

thanks

RF

Either your router has some fancy abilities or you must use your own machine as a port scanner. P2P networking software is listening on specific Ip ports ( gnutella: 6346) and if a connection is made through your gateway ( router) on this port then filesharing is very likely at hand.

Most routers i know of have the ability to do logging. This is the easiest way, and probably enough for you. Just enter the units configuration mechasism, either a web interface or terminal window, and poke around a bit. Many of these boxes can log very spesific events, but you have to tell it to do so first.

When you get an overlook on the ports you do not want treffic on, you can simply block those in the router.

Two ways i can think of:
Either you could block the range of ports that the file sharing program uses from your router. Although programs like kazaa and soulseek allow you to change the port it uses so any one with some knowledge of the app will just change it. Alternativly you could install a firewall such as mcafee or norton and block the file sharing program's access to the internet. As long as you set an admin password for the firewall, the program couldn't get access.

hi there, thanks for both of those suggestions. I currenlty am using zonealarm but i have not admin passworded it. I like the idea of logging, i think that would be a good place to start as if i have proof it is there then i can take measures to stop it.

I have included a screen shot of a page of the admin control of my router....could i use something like this to block the port? then i assume it would come up in the log as an Attempted access to blocked sites....am i along the right lines here....

thanks very much for your replies..

RF

Just to bump in here, but it is possible to stop certain programs being run from within Windows. I don't think this is really what you want, since you want to log activity, but if you launch gpedit.msc from the Run dialog box, you'll find a setting in there where you can enter exe file names and these will be restricted, so that whenever someone trys to run the program, they get an access denied error message. This is a pretty easy way to stop the programs being run, as long as you know the exe file names.

thanks edwin, but would the user just not be able to undo that??

port scanning was mentioned...what software would anyone recommend for this... i remember port scanning being discussed at uni but i dont remember any programs being suggested..

thanks

RF

yeah, I suppose so! Depends how good on computers they are. There are programs you can get though which offer similar functions to the gpedit.msc which can be applied only to certain users and cannot be changed by normal users.

From the attachment a few posts ago it looks like you can do some logging. And there is a button for services, and one for firewall rules. Firewall rules go on top of the default policy by the way. So if the default is to block every incoming request, you could still add a rule that allows port 80 to inside adress 1.2.3.4 or whatever.

Perhaps a search on Google for known ports, and a search for different p2p programs would be yor next step. Write down what ports the different programs use, and make rules to silently drop all of those packets, inbound or outbound.

Be careful not to muck things up for messenger services, most people like to have those things on. This is not an easy task if you are new to ethernet an TCP-IP , and many network admins spend a lot (but not enough) of time with stuff like this.

Here are a few links to help you on the way. Find your way through the jungle and see the light ).

http://www.protocols.com/pbook/tcpip1.htm
http://www.iana.org/assignments/port-numbers

PS. There is an app called Ethereal, wich will tell you a lot about the packets on your lan. I do not know if it runs on windows though.

Ethereal is available for windows. You'll have to download and install WinPCAP as well to get Ethereal working (active packet captures).

http://www.ethereal.com/distribution/win32/

http://winpcap.polito.it/install/default.htm

hello all, thanks for the replies, i have tried putting the limewire port and a few others as services...i am assuming this will prevent access to them!! I have done a search for the ports of the big P2P software..

thanks for the software links, i am going to try port scanning the computer later today.

Cheers

RF