Strange Bitcomet Connection Usage

Hi,

I’ve got a problem with Bitcomet.

When the program is not running my internet connection is idle.

However when I run Bitcomet even though no torrents are running the connection activity is very high.

When I close bitcomet again it stops.

I have Zone Alarm Firewall but I don’t think its causing any problems (Getting both remote and local peers)

What I’ve noticed is that i’m getting slow download speeds and ZA sometimes tells me that

Bitcomet is trying to send some mails, of course I denied.

Isn’t it strange that Bitcomet is traying to send mails. Of course not the usual Crash report mails( This one is

working perfectly but its sending mails directly.

Also the program crashed twice. This is how I know the mails bitcomet was trying to send were not crash reports.

Am I being hijacked or something like that through Bitcomet?

Could anyone help me out?

Thanks

BitComet does not send email. Either you or a peer is using the smtp port (113). And yes part of your problem most likly is Zonealarm. It blocks a lot of normal peers and it modifies the TCP/IP stack without telling you. It’s not a very good firewall anymore.

What OS & service pack are you using?

When the program is not running my internet connection is idle.

However when I run Bitcomet even though no torrents are running the connection activity is very high.

This is traffic from the DHT Network

Also i agree with Dark Shroud, ZA is not that good of a firewall if you want to do any p2p

If you would like an alternative that is fairly easy to use then consider the free Kerio Personal Firewall

If you do decide to switch make sure to get rid of all the crap that ZA leaves behind after an uninstall

Hi guys,

I’m using w2k sp3. Didn’t know Zonealarm was crap.

It was easy fro for me to configure that’s why I chose it.

If you say so then I’ll scrap it for sure and make some more tests

Thanks

Ok, you should upgrade to service pack 4 and get some other updates after that. W2k should not have a problem updating from Microsoft’s website, its so old they don’t really care about it being stolen.

Hi,

I’m getting the updates. But last time I installed SP4 for W2K all screwed up. No modem No dial up nothing. nvm will try to install it again :mellow:

I’ve installed Kaspersky firewall. Trying to configure it now

This is traffic from the DHT Network

I’m having a similar issue, although BitComet itself is reporting the activity. Immediately after starting up BitComet it will gradually increase from 0/0 DL/UL to 15KBs/7KBs (with no torrents running), and then decrease back down to 0/0 over the span of about 30 seconds. Is this the same thing/normal?

That sounds like it’s doing its update check. You can disable that in the settings. For me, it worked exactly once and never again anyway.

Hi all,

Using Kerio Personal Firewall + Kaspersky Antivirus and ewido anti spyware

Solved the issue

Regards

Glad to hear from you. Did you get SP4 working as well?

I was experiencing bitcomet trying to connect to various domains on port 110 (trying to send mail was the first thought), I know it was bitcomet due to my AVG virus scan log (shows the PID of the sending exe) and was alerted to it by AVG showing it’s email scanning popup every few seconds.

I have since replaced my install of bitcomet (which originally came from Download.com) with the one direct from bitcomet.com and this issue has stopped. As an aside to this it also now seems to use less resources (both were v0.70)

It had nothing to do with DHT as I have this disabled.

Your right it has nothing to do with the DHT Network. It is other peers using port 110 with their BT client.

There is no difference between the versions hosted on bitcomet.com and the ones on download.com although download.com only has v0.71 now, unfortunately.

AVG is only an average anti-virus anyway. But yeah like Dave said, this is because other peers are using stupid ports for things. That’s why most people say to use something in the 50,000-65,000 range now.

Glad to hear from you. Did you get SP4 working as well?

Hi,

got some free time (this is rare as I’m working late)

Yeah still using SP3 for W2K. I’ve got no issue with SP3 till now and download speed are top notch even with 3 peers and ADSL 128k.

My moto is ‘Never change a winning team’. Its is not always the case but I stick to it and got lots of lessons in the past. so…

Anyway Bitcomet 0.70 still rocks.

Cheers :lol:

there is most certainly something strange going on…

i’m using mcafee 8.5, and noticed that it was griping about blocked activity. i looked at the logs, and bitcomet.exe was hammering out every 60 seconds an attempt to SMTP out to a specific address. after 60 minutes (and 60 tries), it tried to communicate via IRC to another IP address (also blocked), and then spent an hour hammering out SMTP traffic to another IP. repeat this process infinitely. i checked on my wife’s pc - same exact behavior (we’ve both been using .70).

i uninstalled mine, did a virus check and spyware check, went over the running processes with procexp.exe, looked for daffy traffic with tcpview, checked for strange BHO’s, and couldn’t find any wacky services or startup items. system is xp sp2, completely up to date with the latest hotfixes… so i went to bitcomet.com to download the new version, which re-directed me to cnet.com’s download site. that site prompted me to download, but explicitly stated that it was being pulled from a 3rd party (but did not state where). alas, it was late, and i did not check to see where it was going.

this morning, i installed .87, and sure enough - same behavior right out of the gate. so i created a virtual xp sp2 machine in vmware, loaded procexp.exe, tcpview, and mcafee 8.5, and then downloaded and install .87. and with no torrents going, it kep hammering out various ip addresses, trying to chat with them via irc.

now, all of this behavior has been blocked both at my router, and at the desktop level, so nothing has gotten through… but an examination of these IP addresses shows that they are IP’s from ISP’s all over the world, and they’re DHCP ranges for their subscribers (mostly cable modem users)… columbus ohio, oslo, taiwan… you name it. here are some of the IP’s:

5/17/2007 10:49:16 AM Blocked by port blocking rule C:\Program Files\BitComet\BitComet.exe Anti-virus Standard Protection:Prevent IRC communication 217.233.219.130:6666

5/17/2007 10:50:28 AM Blocked by port blocking rule C:\Program Files\BitComet\BitComet.exe Anti-virus Standard Protection:Prevent IRC communication 75.185.93.204:6669

5/17/2007 11:18:57 AM Blocked by port blocking rule C:\Program Files\BitComet\BitComet.exe Anti-virus Standard Protection:Prevent IRC communication 61.62.161.117:6668

5/17/2007 11:48:58 AM Blocked by port blocking rule C:\Program Files\BitComet\BitComet.exe Anti-virus Standard Protection:Prevent IRC communication 82.41.192.102:6667

5/17/2007 11:49:58 AM Blocked by port blocking rule C:\Program Files\BitComet\BitComet.exe Anti-virus Standard Protection:Prevent IRC communication 217.233.219.130:6666

5/17/2007 11:51:07 AM Blocked by port blocking rule C:\Program Files\BitComet\BitComet.exe Anti-virus Standard Protection:Prevent IRC communication 62.166.3.87:6666

5/17/2007 12:19:40 PM Blocked by port blocking rule C:\Program Files\BitComet\BitComet.exe Anti-virus Standard Protection:Prevent IRC communication 75.185.93.204:6669

at this point? i don’t trust bitcomet AT ALL.

Did you read the thread?

Your antivirus is mis-reporting Bitcomet’s outbound UDP packets.

Apparently it has some port based rules and doesn’t actually distinguish what kind of traffic is actually being sent over said ports.

Disable the DHT Network, then restart Bitcomet, and the connections will go away.

The only connections you will see now when you start Bitcomet 0.87 are:

Checks a remote server to verify port forwarding (if checked in the options)

Checks for program updates (if checked in the options)

Checks for updates for the favorites/etc (always does this)

May send statistical info to Bitcomet’s servers (if checked in the options)

If you are using v0.70 the only connections you should see, with the DHT Network disabled, are:

Checks for program updates (if checked in the options)

Checks for updates for the favorites/etc (always does this)

Now, your protection software may still randomly block some peer traffic,

this will happen if the other peer is using a port that your antivirus/firewall doesn’t like.

That is why we recommend everyone should use a port in the range of private ports (49152 - 65535), except for a few rare cases.