# bittorrent **Explanation** The bittorrent NDM is designed to detect BitTorrent traffic on a network. BitTorrent is a type of peer-to-peer (P2P) file-sharing protocol that allows users to share large files, such as movies or software. This traffic is often used to distribute copyrighted material, making it a concern for organizations that want to prevent illegal file-sharing or piracy. This NDM will trigger an alert when certain types of BitTorrent traffic are detected. **What to Look For** If this NDM triggers an alert, it is recommended to investigate the source and destination IP addresses and port numbers associated with the BitTorrent traffic. This can be done by examining network traffic logs for any suspicious activity. Additionally, it may be useful to check the endpoints for any BitTorrent clients or software that may be in use. If any are found, it is recommended to remove them and take appropriate actions to prevent future use. Ultimately, it is important to ensure that proper security measures are in place to prevent unauthorized file-sharing or piracy within your organization. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fusion.vectra.ai/detection-models/library/operational-governance/bittorrent.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.