Bittorrent traffic is using protocol 6881-6889 and 6969 for the tracker port so it is possible to monitor it with NTA. However for DHT extension (peer2peer tracker) it use various UDP ports which are negotiated by the peers so if you know actual peer2peer DHT port you can also monitor this by NTA. In case of cryptocurrency mining as this is not port related traffic it is difficult to identify crypto mining data from netflow data. For the case of crypto mining in the browsers or other applications you may use list of publicly shared coin mining host so when defined as IPgroup in NTA it is possible to view crypto mining traffic.
Bittorrent traffic is using protocol 6881-6889 and 6969 for the tracker port so it is possible to monitor it with NTA. However for DHT extension (peer2peer tracker) it use various UDP ports which are negotiated by the peers so if you know actual peer2peer DHT port you can also monitor this by NTA. In case of cryptocurrency mining as this is not port related traffic it is difficult to identify crypto mining data from netflow data. For the case of crypto mining in the browsers or other applications you may use list of publicly shared coin mining host so when defined as IPgroup in NTA it is possible to view crypto mining traffic.
