This is the command I use to track down P2P connections through my networks:

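ngrep -t -d ETH00:00 -q -i -W single -l 'info_hash|torr|bitt|vuze|azue|tracker|edonk|aza|lime|emule|gift|gnutella|frostwire|morpheus|bearshare|uTorrent'

Note: it should all be on one line. Inside the single quotes a backslash followed by a newline is not a line continuation; the shell passes both characters to ngrep as part of the pattern.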

-i is ignore case
-w is word-regex (expression must match as a word)
-l is make stdout line buffered
-t is print timestamp every time a packet is matched
-W is set the dump format (normal, byline, single, none)
-d is use specified device instead of the pcap default
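
The pattern is matched as a substring anywhere in the payload, so short alternatives such as aza or gift also fire on ordinary web traffic. The following added example (not part of the original post) summarises which keywords fired per source address so that strong hits like info_hash can be told apart from incidental ones. The output line layout and the sample lines are assumptions constructed for illustration; summarize is a hypothetical helper name.

```python
import re
from collections import Counter, defaultdict

# The alternation from the ngrep command above; ngrep's -i becomes re.IGNORECASE.
P2P_PATTERN = re.compile(
    r"info_hash|torr|bitt|vuze|azue|tracker|edonk|aza|lime|emule"
    r"|gift|gnutella|frostwire|morpheus|bearshare|uTorrent",
    re.IGNORECASE,
)

# Assumed layout of one `ngrep -t -W single` output line (TCP or UDP):
#   T 2024/01/15 10:02:11.482913 10.0.0.23:51844 -> 203.0.113.7:6969 [AP] <payload>
# The flags field and a trailing "#N" packet counter are treated as optional.
LINE_RE = re.compile(
    r"^[TU] (?P<ts>\S+ \S+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+"
    r"(?: \[[A-Z]*\])?(?: #\d+)? (?P<payload>.*)$"
)

# Constructed sample lines, not real traffic.
SAMPLE = """\
T 2024/01/15 10:02:11.482913 10.0.0.23:51844 -> 203.0.113.7:6969 [AP] GET /announce?info_hash=%12%34&peer_id=-UT2210-abc HTTP/1.1..User-Agent: uTorrent/2210..
T 2024/01/15 10:02:15.101002 10.0.0.23:51850 -> 203.0.113.7:6969 [AP] GET /scrape?info_hash=%12%34 HTTP/1.1..
T 2024/01/15 10:03:40.774120 10.0.0.41:40112 -> 198.51.100.9:80 [AP] GET /plaza/gift-cards HTTP/1.1..Host: shop.example..
T 2024/01/15 10:04:02.000317 10.0.0.57:49220 -> 192.0.2.88:6346 [AP] GNUTELLA CONNECT/0.6..
"""


def summarize(lines):
    """Return {source_ip: Counter(keyword -> hits)} for lines ngrep matched."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, blank line, or a layout this sketch does not know
        for kw in P2P_PATTERN.findall(m["payload"]):
            hits[m["src"]][kw.lower()] += 1
    return dict(hits)


if __name__ == "__main__":
    # 10.0.0.41 only trips "aza" (from "plaza") and "gift": a likely false positive.
    for src, kws in sorted(summarize(SAMPLE.splitlines()).items()):
        print(src, dict(kws))
```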
