Hmm... on that forum thread he linked...
I tried this rule also but it not working properly.
My question: Is bit torrent traffic same as utorrent traffic?
thanks
uTorrent is a client for the bittorrent protocol.
The short story is that you can't block p2p protocols by trying to detect them (blacklist). The best you can do is classify all traffic you want to permit (whitelist) and then block everything else.
edit... From another thread (Googled "torrent site:forum.mikrotik.com")
Torrents are some of the hardest programs to detect, especially on a layer3 device. You can guess based off of the p2p firewall matcher provided by MikroTik, but that is unreliable as the definitions are out of date. It is also very easy for someone to encrypt their p2p traffic, or even send it over port 80 to masquerade what they are really doing. To reliably detect a torrent, you need something that operates and inspects the packets at layer7, very expensive hardware, or very expensive on the CPU time for a router.
What it all comes down to is guess work.
1.) Is the end user maxing out their upload on a regular basis for extended periods of time? If so this could be an indication of a torrent user.
2.) Is the end user opening up several TCP and UDP sessions to several remote IPs, more than normal. This can be an indication of a torrent user, or a virus.
Those are some of the more common give a ways, but by no means are it. It is also easy for an end user to set limits on their client so they come in at under those values, so there is no definite answer to your question. Also torrents can be, and are often used for legitimate reasons. You can try to actively identify and do stuff about people that torrent, but chances are you are going to spend more time and money dealing with it than it is worth.
If you want to find a way to deal with it, probably the best approach is to identify traffic that you "like" and assume everything else is stuff you don't. Then set up queues and priorities for those kinds of traffic.
How can we make Bitcoin network traffic as difficult to detect as BitTorrent traffic?