VISVESVARAIAH TECHNOLOGICAL UNIVERSITY BELGAUM

DHARWAD 580 002

A seminar report on BITTORRENT PROTOCOL

Submitted by Rajani .B. Paraddi 2SD06CS071 8th semester

Dept of CSE

VISVESVARAIAH TECHNOLOGICAL UNIVERSITY BELGAUM

DEPARTMENT OF COMPUTER SCIENCE ENGINEERING

CERTIFICATE Certified that the seminar work entitled BITTORRENT

PROTOCOL is a bonafide work presented by Rajani.B.Paraddi bearing USN 2SD06CS071 in a partial fulfillment for the award of degree of Bachelor of Engineering in Computer Science Engineering of the Vishveshwaraiah Technological University, Belgaum during the year 2009-10. The seminar report has been approved as it satisfies the academic requirements with respect to seminar work presented for the Bachelor of Engineering Degree.

Staff In Charge H.O.D CSE Name: Rajani .B. Paraddi USN: 2SD06CS071
2 Dept of CSE

Index
1. Introduction 1.1. 1.2. Overview History

2. BitTorrent and Other approaches 2.1. 2.2. 2.3. 2.4. Other P2P Methods Typical HTTP File Transfer The DAP method The BitTorrent Approach

3. Working of BitTorrent 4. Terminology 5. Architecture of BitTorrent 5.1. 5.2. 5.3. 5.4. 5.5. Metainfo File Tracker Peers Data Bittorrent Clients

6. Vulnerabilities of BitTorrent 6.1. 6.2. Attacks on bittorrent Solutions

7. Conclusion 8. References

Dept of CSE

1. Introduction[1]
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

1.1 Overview
BitTorrent is a peer-to-peer file sharing protocol used to distribute large amounts of data. BitTorrent is one of the most common protocols for transferring large files. Its main usage is for the transfer of large sized files. It makes transfer of such files easier by implementing a different approach. A user can obtain multiple files simultaneously without any considerable loss of the transfer rate. It is said to be a lot better than the conventional file transfer methods because of a different principle that is followed by this protocol. It also evens out the way a file is shared by allowing a user not just to obtain it but also to share it with others. This is what has made a big difference between this and the conventional file transfer methods. It makes a user to share the file he is obtaining so that the other users who are trying to obtain the same file would find it easier and also in turn making these users to involve themselves in the file sharing process. Thus the larger the number of users the more is the demand and more easily a file can be transferred between them. BitTorrent protocol has been built on a technology which makes it possible to distribute large amounts of data without the need of a high capacity server, and expensive bandwidth. This is the most striking feature of this file transfer protocol. The transferring of files will never depend on a single source which is supposed the original copy of the file but instead the load will be distributed across a number of such sources. Here not just the sources are responsible for file transfer but also the clients or users who want to obtain the file are involved in this process. This makes the load get distributed evenly across the users and thus making the main source partially free from this process which will reduce the network traffic imposed on it. Because of this, BitTorrent has become one of the most popular file transfer mechanisms in todays world. Though the mechanism itself is not as simple as an ordinary file transfer protocol, it has gained its popularity because of the sharing policy that it imposes on its users.

1.2 History
BitTorrent was created by a programmer named Bram Cohen. After inventing this new technology he said, "I decided I finally wanted to work on a project that people would actually use, would actually work and would actually be fun". Before this was invented, there were other techniques for file sharing but they were not utilizing the bandwidth effectively.
4 Dept of CSE

33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

The bandwidth had become a bottleneck in such methods. This meant that most of the users can simply download the files without being needed to upload. So this again put a lot of network load on the original sources and on small number of users. This led to inefficient usage of bandwidth of the remaining users. This was the main intention behind Cohens invention, i.e., to make the maximum utilization of all the users bandwidth who are involved in the sharing of files. By doing so, every person who wants to download a file had to contribute towards the uploading process also. This new and novel concept of Cohen gave birth to a new peer to peer file sharing protocol called BitTorrent. Cohen invented this protocol in April 2001. The first usable version of BitTorrent appeared in October 2002, but the system needed a lot of fine-tuning. BitTorrent really started to take off in early 2003.

2. BitTorrent and Other approaches[3]

2.1 Other P2P Methods
The most common method by which files are transferred on the Internet is the clientserver model. A central server sends the entire file to each client that requests it, this is how both http and ftp work. The clients only speak to the server, and never to each other. The main advantages of this method are that it's simple to set up, and the files are usually always available since the servers tend to be dedicated to the task of serving, and are always on and connected to the Internet. However, this model has a significant problem with files that are large or very popular, or both. Namely, it takes a great deal of bandwidth and server resources to distribute such a file, since the server must transmit the entire file to each client. Perhaps you may have tried to download a demo of a new game just released, or CD images of a new Linux distribution, and found that all the servers report "too many users," or there is a long queue that you have to wait through. The concept of mirrors partially addresses this shortcoming by distributing the load across multiple servers. But it requires a lot of coordination and effort to set up an efficient network of mirrors, and it's usually only feasible for the busiest of sites.

2.2 A Typical HTTP File Transfer

The most common type of file transfer is through a HTTP server. In this method, a HTTP server listens to the clients requests and serves them. Here the client can only depend
5 Dept of CSE

66 67 68 69 70 71 72 73 74

on the lone server that is providing the file. The overall download scheme will be limited to the limitations of that server. Also this kind of transfer of file is subjected to single point of failure, where if the server crashes then the whole download process will seize. A single server can handle many such clients and serve the requested file simultaneously to all the clients. The file being served will be available as one single piece, which means that if the download process stops abruptly in the middle the whole file has to be downloaded again. BitTorrent protocol has overcome all these shortcomings seen in this type and thus it is more robust due to which it is chosen by many people over this traditional method of file transfer.

75 76 77 78 79 80 81 82 83 84 85 86 87 88

Fig 2.1: HTTP/FTP File Transfer

2.3 The DAP method

Download Accelerator Plus (DAP) is the world's most popular download accelerator. DAP's key features include the ability to accelerate downloading of files in FTP and HTTP protocols, to pause and resume downloads, and to recover from dropped internet connections. On the Internet the same file is often hosted on numerous mirror sites, such as at universities and on ISP servers. DAP immediately senses when a user begins downloading a file and identifies available mirror sites that host the requested file. As soon as it is triggered, DAP's client side optimization begins to determine - in real time - which mirror sites offer the fastest response for the specific user's location. The file is downloaded in several segments simultaneously through multiple connections from the most responsive server(s) and reassembled at the user's PC. This results in better utilization of the user's

Dept of CSE

89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107

available bandwidth. This ensures that each available mirror server is utilized to serve the users that most benefit. This in turn effects an efficient balancing of the load among available servers across the entire World Wide Web, and reduces download times for users while allowing them to receive maximum benefit from their available bandwidth. DAP's resume functionality and the ability to continue downloading even when one of the participating connections has dropped also provides users with a more reliable download experience.

2.4 The BitTorrent Approach

In BitTorrent, the data to be shared is divided into many equal-sized portions called pieces. Each piece is further sub-divided into equal-sized sub-pieces called blocks. All clients interested in sharing this data are grouped into a swarm, each of which is managed by a central entity called the tracker. BitTorrent has revolutionized the way files are shared between people. It does not require a user to download a file completely from a single server. Instead a file can be downloaded from many such users who are indeed downloading the same file. A user who has the complete file, called the seed will initiate the download by transferring pieces of file to the users. Once a user has some considerable number of such pieces of a file then even he can start sharing them with other users who are yet to receive those pieces. This concept enables a client not to depend on a server completely and also it reduces overall load on the server.

108 109 110 111 112 113

Fig 2.2 : BitTorrent File Transfer Each client independently sends a file, called a torrent, that contains the location of the tracker along with a hash of each piece. Clients keep each other updated on the status of their download. Clients download blocks from other (randomly chosen) clients who claim they have the corresponding data. Accordingly, clients also send data that they have
7 Dept of CSE

114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146

previously downloaded to other clients. Once a client receives all the blocks for a given piece, he can verify the hash of that piece against the provided hash in the torrent. Thus once a client has downloaded and verified all pieces, he can be confident that he has the complete data. Both BitTorrent and DAP download files from multiple sources. Also the files are divided into pieces in both approaches. But BitTorrent has many such features that DAP doesnt, which has made it the most popular one. In BitTorrent the users participate actively in sharing files along with servers. This is the uniqueness of this protocol. Also this needs an implementation of a dedicated server called tracker to handle the peers connected in the network. The file transfer in DAP takes place through the traditional HTTP or FTP protocol which means that the transfer rate will always be limited by the servers bandwidth. If these servers are flooded with requests then the breakdown and the transaction will terminate. This is not the case in BitTorrent since the whole process is not depending on servers alone. The load is distributed across the network between peers and servers. This makes BitTorrent far better than its competing peers like DAP and others.

3. Working of BitTorrent[4]
As previously explained, BitTorrents design makes it extremely efficient in the sharing of large data files among interested peers. BitTorrent scales well and is a superior method for transferring and disseminating files between interested peers while limiting free riding (peers who download but do not upload) between those same peers. BitTorrents is based on a tit for tat reciprocity agreement between users that ultimately results in pareto efficiency. Pareto efficiency is an important economic concept that maximizes resource allocation among peers to their mutual advantage. Cohens vision of peers simultaneously helping each other by uploading and downloading has been realized by the BitTorrent system. The protocol shares data through what are known as torrents. For a torrent to be alive or active it must have several key components to function. These components include a tracker server, a .torrent file, a web server where the .torrent file is stored and a complete copy of the file being exchanged. Each of these components is described in the following paragraphs. The file being exchanged is the essence of the torrent and a complete copy is
8 Dept of CSE

147 148

referred to as a seed. A seed is a peer in the BitTorrent network willing to share a file with other peers in the network.

149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172

Fig 3.1 : A Typical BitTorrent System Peers lacking the file and seeking it from seeds are called leechers. While seeds only upload to leechers, leechers may both download from seeds and upload to other leechers. BitTorrents protocol is designed so leeching peers seek each other out for data transfer in a process known as optimistic unchoking. Together seeds and leechers engaged in file transfer are referred to as a swarm. A swarm is coordinated by a tracker server serving the particular torrent and interested peers find the tracker via metadata known as a .torrent file. Since BitTorrent has no built in search functionality, .torrent files are usually located via HTTP through search engines or trackers. The first step in the BitTorrent exchange occurs when a peer downloads a .torrent file from a server. The role of .torrent files is to provide the metadata that allows the protocol to function; .torrent files can be viewed as surrogates for the files being shared. These .torrent files contain key pieces of data to function correctly including file length, assigned name, hashing information about the file and the URL of the tracker coordinating the torrent activity. Torrent files can be created using a program such as MakeTorrent, another open source tool available under the free software model. When a .torrent file is opened by the peers client software, the peer then connects to the tracker server responsible for coordinating activity for that specific torrent. The tracker and client communicate by a protocol layered on top of HTTP and the trackers key role is to coordinate peers seeking the same file for Cohen envisioned The trackers responsibilities are strictly limited to helping peers find each other. In reality the trackers role is a bit more complex as many trackers collect data about peers engaged in a swarm.
9 Dept of CSE

173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205

Leechers and seeds are coordinated by the tracker server and the peers periodically update the tracker on their status allowing the tracker to have a global view of the system. The data monitored by the tracker can include peer IP addresses, amount of data uploaded/downloaded for specific peers, data transfer rates among peers, the percentage of the total file downloaded, length of time connected to the tracker, and the ratio of sharing among peers. Usually a tracker coordinates multiple torrents and the most popular trackers are busy coordinating thousands of swarms simultaneously. It should be noted that .torrent files are not the actual file being shared; rather .torrent files are the metadata information which allow which trackers and peers to coordinate their activities. As previously mentioned, the complete file is actually stored on peer seed nodes and not the tracker server. Since .torrent files are small and require little space to store, one server can easily host thousands of .torrent files without prohibitive server or bandwidth requirements.

4. Terminology
These are the common terms that one would come across while making a typical BitTorrent file transfer. Torrent : this refers to the small metadata file you receive from the web server (the one that ends in .torrent.) Metadata here means that the file contains information about the data you want to download, not the data itself. Peer : A peer is another computer on the internet that you connect to and transfer data. Generally a peer does not have the complete file. Leeches : They are similar to peers in that they wont have the complete file. But the main difference between the two is that a leech will not upload once the file is downloaded. Seed : A computer that has a complete copy of a certain torrent. Once a client downloads a file completely, he can continue to upload the file which is called as seeding. This is a good practice in the BitTorrent world since it allows other users to have the file easily. Reseed : When there are zero seeds for a given torrent, then eventually all the peers will get stuck with an incomplete file, since no one in the swarm has the
10 Dept of CSE

206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231

missing pieces. When this happens, a seed must connect to the swarm so that those missing pieces can be transferred. This is called reseeding. Swarm : The group of machines that are collectively connected for a particular file. Tracker : A server on the Internet that acts to coordinate the action of BitTorrent clients. The clients are in constant touch with this server to know about the peers in the swarm. Share ratio : This is ratio of amount of a file downloaded to that of uploaded. A ratio of 1 means that one has uploaded the same amount of a file that has been downloaded. Distributed copies : Sometimes the peers in a swarm will collectively have a complete file. Such copies are called distributed copies. Choked : It is a state of an uploader where he does not want to send anything on his link. In such cases, the connection is said to be choked. Interested : This is the state of a downloader which suggests that the other end has some pieces that the downloader wants. Then the downloader is said to be interested in the other end. Snubbed : If the client has not received anything after a certain period, it marks a connection as snubbed, in that the peer on the other end has chosen not to send in a while. Optimistic unchoking : Periodically, the client shakes up the list of uploaders and tries sending on different connections that were previously choked, and choking the connections it was just using. This is called optimistic unchoking.

5. Architecture of BitTorrent
The BitTorrent protocol can be split into the following five main components: Metainfo File - a file which contains all details necessary for the protocol to operate. Tracker - A server which helps to manage the BitTorrent protocol. Peers - Users exchanging data via the BitTorrent protocol. Data - The files being transferred across the protocol. Client - The program which sits on a peers computer and implements the protocol.
11 Dept of CSE

232 233 234 235 236 237

238 239 240 241 242 243 244 245

Peers use TCP (Transport Control Protocol) to communicate and send data. This protocol is preferable over other protocols such as UDP (User Datagram Protocol) because TCP guarantees reliable and in-order delivery of data from sender to receiver. UDP cannot give such guarantees, and data can become scrambled, or lost all together. The tracker allows peers to query which peers have what data, and allows them to begin communication. Peers communicate with the tracker via the plain text via HTTP (Hypertext Transfer Protocol) The following diagram illustrates how peers interact with each other, and also communicate with a central tracker.

246 247 248 249 250 251 252 253 254 255

Fig 5.1 : Architecture of a BitTorrent System

5.1 Metainfo File [2]

When someone wants to publish data using the BitTorrent protocol, they must create a metainfo file. This file is specific to the data they are publishing, and contains all the information about a torrent, such as the data to be included, and IP address of the tracker to connect to. A tracker is a server which 'manages' a torrent, and is discussed in the next section. The file is given a '.torrent' extension, and the data is extracted from the file by a BitTorrent client. This is a program which runs on the user computer, and implements the bittorrent protocol. Every metainfo file must contain the following information, (or 'keys'):
12 Dept of CSE

256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285

info: A dictionary which describes the file(s) of the torrent. Either for the single file, or the directory structure for more files. Hashes for every data piece, in SHA 1 format are stored here.

announce: The announce URL of the tracker as a string

The following are optional keys which can also be used:

announce-list: Used to list backup trackers creation date: The creation time of the torrent by way of UNIX time stamp (integer seconds since 1-Jan-1970 00:00:00 UTC)

comment: Any comments by the author created by: Name and Version of programme used to create the metainfo file

These keys are structured in the metainfo file as follows:

{'info': {'piece length': 131072, 'length': 38190848L, 'name': 'Cory_Doctorow_Microsoft_Research_DRM_talk.mp3', 'pieces': '\xcb\xfaz\r\x9b\xe1\x9a\xe1\x83\x91~\xed@\.....', } 'announce': 'http://tracker.var.cc:6969/announce', 'creation date': 1089749086L }

Instead of transmitting the keys in plain text format, the keys contained in the metainfo file are encoded before they are sent. Encoding is done using bittorrent specific method known as 'bencoding'. 5.1.1 Bencoding: Bencoding is used by bittorrent to send loosely structured data between the BitTorrent client and a tracker. Bencoding supports byte strings, integers, lists and dictionaries. Bencoding uses the beginning delimiters 'i' / 'l' / 'd' for integers, lists and dictionaries respectively. Ending delimiters are always 'e'. Delimiters are not used for byte strings. Bencoding Structure:

Byte Strings : <string length in base ten ASCII> : <string data> Integers: i<base ten ASCII>e Lists: l<bencoded values>e Dictionaries: d<bencoded string><bencoded element>e
13 Dept of CSE

286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315

Minus integers are allowed, but prefixing the number with a zero is not permitted. However '0' is allowed. Examples of bencoding: 4:spam // represents the string "spam" i3e // represents the integer "3" l4:spam4:eggse // represents the list of two strings: ["spam","eggs"] d4:spaml1:a1:bee // represents the dictionary {"spam" => ["a" , "b"] } 5.1.2 Metainfo File Distribution : Because all information which is needed for the torrent is included in a single file, this file can easily be distributed via other protocols, and as the file is replicated, the number of peers can increase very quickly. The most popular method of distribution is using a public indexing site which hosts the metainfo files. A seed will upload the file, and then others can download a copy of the file over the HTTP protocol and participate in the torrent.

5.2 Tracker[2]
A tracker is used to manage users participating in a torrent (known as peers). It stored statistics about the torrent, but its main role is allow peers to 'find each other' and start communication, i.e. to find peers with the data they require. Peers know nothing of each other until a response is received from the tracker. Whenever a peer contacts the tracker, it reports which pieces of a file they have. That way, when another peer queries the tracker, it can provide a random list of peers who are participating in the torrent, and have the required piece. A tracker is a HTTP/HTTPS service and typically works on port 6969. The address of the tracker managing a torrent is specified in the metainfo file, a single tracker can manage multiple torrents. Multiple trackers can also be specified, as backups, which are handled by the BitTorrent client running on the users computer. BitTorrent clients communicate with the tracker using HTTP GET requests, which is a standard CGI method. This consists of appending a "?" to the URL, and separating parameters with a "&". The parameters accepted by the tracker are:

info_hash: 20-byte SHA1 hash of the info key from the metainfo file. peer_id: 20-byte string used as a unique ID for the client.
14 Dept of CSE

316 317 318

port: The port number the client is listed on. uploaded: The total amount uploaded since the client sent the 'started' event to the tracker in base ten ASCII.

319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334

Fig 5.2 : Tracker downloaded: The total amount downloaded since the client sent the 'started' event to the tracker in base ten ASCII. left: The number of bytes the client till has to download, in base ten ASCII. compact: Indicates that the client accepts compacted responses. The peer list can then be replaced by a 6 bytes per peer. The first 4 bytes are the host, and the last 2 bytes are port. event: If specified, must be one of the following: started, stopped, completed. ip: (optional) The IP address of the client machine, in dotted format. numwant: (optional) The number of peers the client wishes to receive from the tracker. key: (optional) Allows a client to identify itself if their IP address changes. trackerid: (optional) If previous announce contained a tracker id, it should be set here. The tracker then responds with a "text/plain" document with the following keys:
15 Dept of CSE

335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350

failure message: If present, then no other keys are included. The value is a human readable error message as to why the request failed.

warning message: Similar to failure message, but response still gets processed. interval: The number of seconds a client should wait between sending regular requests to the tracker.

min interval: Minimum announce interval. tracker id: A string that the client should send back with its next announce. complete: Number of peers with the complete file. incomplete: number of non-seeding peers (leechers) peers: A list of dictionaries including: peer id, IP and ports of all the peers.

5.2.1 Scraping Scraping is the process of querying the state of a given torrent (or all torrents) that the tracker is managing. The result is known as a "scrape page". To get the scrape, you must start with the announce URL, find the last '/' and if the text immediately following the '/' is 'announce', then this can be substituted for 'scrape' to find the scrape page. Examples: Announce URL http://example.com/annnounce http://example.com/a/annnounce http://example.com/announce.php Scrape URL http://example.com/scrape http://example.com/a/scrape http://example.com/scrape.php

351 352 353 354 355 356 357 358 359

The tracker then responds with a "text/plain" document with the following bencoded keys:

files: A dictionary containing one key pair for each torrent. Each key is made up of a 20-byte binary hash value. The value of that key is then a nested dictionary with the following keys:

complete: number of peers with the entire file (seeds) downloaded: total number of times the entire file has been downloaded. incomplete: the number of active downloaders (lechers) name: (optional) the torrent name
16 Dept of CSE

360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388

5.3 Peers[4]
Peers are other users participating in a torrent, and have the partial file, or the complete file (known as a seed). Pieces are requested from peers, but are not guaranteed to be sent, depending on the status of the peer. BitTorrent uses TCP (Transmission Control Protocol) ports 6881-6889 to send messages and data between peers, and unlike other protocols, does not use UDP (User Datagram Protocol) 5.3.1 Piece Selection Peers continuously queue up the pieces for download which they require. Therefore the tracker is constantly replying to the peer with a list of peers who have the requested pieces. Which piece is requested depends upon the BitTorrent client. There are three stages of piece selection, which change depending on which stage of completion a peer is at. 5.3.2 Random First Piece When downloading first begins, as the peer has nothing to upload, a piece is selected at random to get the download started. Random pieces are then chosen until the first piece is completed and checked. Once this happens, the 'rarest first' strategy begins. 5.3.3 Rarest First When a peer selects which piece to download next, the rarest piece will be chosen from the current swarm, i.e. the piece held by the lowest number of peers. This means that the most common pieces are left until later, and focus goes to replication of rarer pieces. At the beginning of a torrent, there will be only one seed with the complete file. There would be a possible bottle neck if multiple downloaders were trying to access the same piece. rarest first avoids this because different peers have different pieces. As more peers connect, rarest first will the some load off of the tracker, as peers begin to download from one another. Eventually the original seed will disappear from a torrent. This could be because of cost reasons, or most commonly because of bandwidth issues. Losing a seed runs the risk of pieces being lost if no current downloaders have them. Rarest first works to prevent the loss of pieces by replicating the pieces most at risk as quickly as possible. If the original seed goes before at least one other peer has the complete file, then no one will reach completion, unless a seed re-connects.

17

Dept of CSE

389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408

5.3.4 Endgame Mode When a download nears completion, and waiting for a piece from a peer with slow transfer rates, completion may be delayed. To prevent this, the remaining sub-pieces are requested from all peers in the current swarm. 5.3.5 Peer Distribution The role of the tracker ends once peers have 'found each other'. From then on, communication is done directly between peers, and the tracker is not involved. The set of peers a BitTorrent client is in communication with is known as a swarm. To maintain the integrity of the data which has been downloaded, a peer does not report that they have a piece until they have performed a hash check with the one contained in the metainfo file. Peers will continue to download data from all available peers that they can, i.e. peers that posses the required pieces. Peers can block others from downloading data if necessary. This is known as choking. 5.3.6 Choking[2] When a peer receives a request for a piece from another peer, it can opt to refuse to transmit that piece. If this happens, the peer is said to be choked. This can be done for different reasons, but the most common is that by default, a client will only maintain a default number of simultaneous uploads (max_uploads). All further requests to the client will be marked as choked. Usually the default for max_uploads is 4.

409

Fig 5.3 : Choking by a peer

18 Dept of CSE

410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439
3.

The peer will then remain choked until an unchoke message is sent. Another example of when a peer is choked would be when downloading from a seed, and the seed requires no pieces. To ensure fairness between peers, there is a system in place which rotates which peers are downloading. This is known as optimistic unchoking. 5.3.7 Optimistic Unchoking[2] To ensure that connections with the best data transfer rates are not favoured, each peer has a reserved 'optimistic unchoke' which is left unchoked regardless of the current transfer rate. The peer which is assigned to this is rotated every 30 seconds. This is enough time for the upload / download rates to reach maximum capacity. The peers then cooperate using the tit for tat strategy, where the downloader responds in one period with the same action the uploader used in the last period. 5.3.8 Communication Between Peers Peers which are exchanging data are in constant communication. Connections are symmetrical, and therefore messages can be exchanged in both directions. These messages are made up of a handshake, followed by a never-ending stream of length-prefixed messages. 5.3.9 Handshaking[2] Handshaking is performed as follows: 1. The handshake starts with character 19 (base 10) followed by the string 'BitTorrent Protocol'. 2. A 20 byte SHA1 hash of the bencoded info value from the metainfo is then sent. If this does not match between peers the connection is closed. A 20 byte peer id is sent which is then used in tracker requests and included in peer requests. If the peer id does not match the one expected, the connection is closed.

5.3.10 Message Stream[2] This constant stream of messages allows all peers in the swarm to send data, and control interactions with other peers. A peer will be 'interested' in data if there is a peer which has the required pieces. If the peer which has this data is not choked, then data will be transferred. After handshaking, by default, connections start out as choked, and not interested.

19

Dept of CSE

Prefix

Message

Structure

Additional Information

choke

<len=0001><id=0>

Fixed length, no payload. This enables a peer to block another peers request for data. Fixed length, no payload. Unblock peer, and if they are still interested in the data, upload will begin. Fixed length, no payload. A user is interested if a peer has the data they require. Fixed length, no payload. The peer does not have any data required. Fixed length. Payload is the zerobased index of the piece. Details the pieces that peer currently has. Sent immediately after handshaking. Optional, and only sent if client has pieces. Variable length, X is the length of bitfield. Payload represents pieces that have been successfully downloaded. Fixed length, used to request a block of pieces. The payload contains integer values specifying the index, begin location and length. Sent together with request messages. Fixed length, X is the length of the block. The payload contains integer values specifying the index, begin location and length.

unchoke

<len=0001><id=1>

interested

<len=0001><id=2>

not interested have

<len=0001><id=3>

<len=0005><id=4><piece index>

bitfield

<len=0001+X><id=5><bitfield>

request

<len=0013><id=6><index><begin ><length>

piece

<len=0009+X><id=7><index><be gin><block>

cancel

<len=13><id=8><index><begin>< Fixed length, used to cancel block length> requests. payload is the same as request. Typically used during end game mode.

20

Dept of CSE

440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461

5.4 Data
BitTorrent is very versatile, and can be used to transfer a single file, of multiple files of any type, contained within any number of directories. File sizes can vary hugely, from kilobytes to hundreds of gigabytes. 5.4.1 Piece Size Data is split into smaller pieces which sent between peers using the bittorrent protocol. These pieces are of a fixed size, which enables the tracker to keep tabs on who has which pieces of data. This also breaks the file into verifiable pieces, each piece can then be assigned a hash code, which can be checked by the downloader for data integrity. These hashes are stored as part of the 'metinfo file'. The size of the pieces remains constant throughout all files in the torrent except for the final piece which is irregular. The piece size a torrent is allocated depends on the amount of data. Piece sizes which are too large will cause inefficiency when downloading (larger risk of data corruption in larger pieces due to fewer integrity checks), whereas if the piece sizes are too small, more hash checks will need to be run. As the number of pieces increase, more hash codes need to be stored in the metainfo file. Therefore, as a rule of thumb, pieces should be selected so that the metainfo file is no larger than 50 - 75kb. The main reason for this is to limit the amount of hosting storage and bandwidth needed by indexing servers. The most common piece sizes are 256kb, 512kb and 1mb. The number of pieces is therefore: total length / piece size. For example, a 1.4Mb file could be split into the following pieces. This shows 5 * 256kb pieces, and a final piece of 120kb.

462 463 464 465 466

Fig 5.4 : Pieces of a file

5.5 BitTorrent Clients

A BitTorrent client is an executable program which implements the BitTorrent protocol. It runs together with the operating system on a users machine, and handles

21

Dept of CSE

467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499

interactions with the tracker and peers. The client sits on the operating system and is responsible for controlling the reading / writing of files, opening sockets etc. A metainfo file must be opened by the client to start partaking in a torrent. Once the file is read, the necessary data is extracted, and a socket must be opened to contact the tracker. BitTorrent clients use TCP ports 6881-6999. To find an available port, the client will start at the lowest port, and work upwards until it finds one it can use. This means the client will only use one port, and opening another BitTorrent client will use another port. A client can handle multiple torrents running concurrently.

6. Vulnerabilities of BitTorrent
6.1 Attacks on BitTorrent
As we have seen so far, BitTorrent is one of most favoured file transfer protocol in todays world. But it has been exposed to various attacks in the recent past due to the vulnerabilities that are being exploited by the hacker community. Here are some of the attacks that are commonly seen. 6.1.1 Pollution attack 1. The peers receive the peer list from the tracker. 2. One peer contacts the attacker for a chunk of the file. 3. The attacker sends back a false chunk. 4. This false chunk will fail its hash and will be discarded. 5. Attacker requests all chunks from swarm and wastes their upload bandwidth. 6.1.2 DDOS attack DDOS stands for Distributed denial of service. This attack is possible because of the fact that BitTorrent Tracker has no mechanism for validating peers. This means there is no way to trace the culprit in these kind of attacks. Also attacks of this stature are possible because of the modifications that can be done to the client software. 1. The attacker downloads a large number of torrent files from a web server. 2. The attacker parses the torrent files with a modified BitTorrent client and spoofs his IP address and port number with the victims as he announces he is joining the swarm. 3. As the tracker receives requests for a list of participating peers from other clients it sends the victims IP and port number.
22 Dept of CSE

500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532

4. The peers then attempt to connect to the victim to try and download a chunk of the file. 6.1.3 Bandwidth Shaping Many ISPs dont encourage the use of BitTorrent from their users. This is because BitTorrent is usually used to transfer large sized files due to which the traffic over the ISPs increase to a large extent. To avoid such exploding traffic on their servers many ISPs have started to avoid the traffic caused by BitTorrent. This can be done by sniffing the packets that pass through and detecting whether they oblige BitTorrent protocol. ISPs make use of filters to find out such packets and block them from passing their servers.

6.2 Solutions
Here are a few solutions to the attacks that were discussed above. 6.2.1 Pollution attack The peers which perform such attacks are identified by tracing their IPs. Then, such IPs are blacklisted to avoid further communication with them. These blacklisted IPs are blocked by denying them connections with other peers. This is done by using software like Peer Guardian or moBlock, which download the list of blacklisted IPs from internet.

6.2.2 DDOS attack The main solution to this kind of attack is to have clients parse the response from the tracker. In the case where a host (tracker) does not respond to a peers request with a valid BitTorrent protocol message it should be inferred that this host is not running BitTorrent. The peer should then exclude hat address from its tracker list, or set a high retry interval for that specific tracker. Another fix would be for web sites hosting torrents to check and report whether all trackers are active, or even remove the on-responding trackers from the tracker list in the torrent. Another measure could be to restrict the size of the tracker list to reduce the effectiveness of such an attack.

6.2.3 Bandwidth Shaping There are broadly two approaches followed to counter this type of attacks. The first method is to encrypt the packets sent by the means of BitTorrent protocol. By doing this, the filters that sniff packets will not be able to detect such packets belonging to BitTorrent protocol. This means that the filters are fooled by the encrypted packets and thus packets can
23 Dept of CSE

533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561

sneak through such filters. Another approach is to make use of tunnels. Tunnels are dedicated paths where the filters are avoided by using VPN software which connects to the unfiltered networks. This results in successfully bypassing the filters and thus the packets are guaranteed to be transmitted across networks.

7. Conclusion
BitTorrent pioneered mesh-based file distribution that effectively utilizes all the uplinks of participating nodes. Most followon research used similar distributed and randomized algorithms for peer and piece selection, but with different emphasis or twists. This work takes a different approach to the mesh-based file distribution problem by considering it as a scheduling problem, and strives to derive an optimal schedule that could minimize the total elapsed time. BitTorrents application in this information sharing age is almost priceless. However, it is still not perfected as it is still prone to malicious attacks and acts of misuse. Moreover, the lifespan of each torrent is still not satisfactory, which means that the length of file distribution can only survive for a limited period of time. Thus, further analysis and a more thorough study in the protocol will enable one to discover more ways to improve it.

8. References
1. Information on BitTorrent Protocol en.wikipedia.org/wiki/BitTorrent_(protocol) 2. BitTorrent Specifications http://wiki.theory.org/BitTorrentSpecification 3. Other Information http://www.dessent.net/btfaq/#compare 4. Cohen, Bram (2003) Incentives Build Robustness in BitTorrent, May 22 2003 http://www.bitconjurer.org/BitTorrent/bittorrentecon.pdf

24

Dept of CSE