We run a mixed environment and near as I can tell have no traffic
running around on ports 4662.

"tcp.port==4662 || udp.port==4662" is an option for a wireshark display
filter, but also wireshark has built in filters for edonkey traffic.

If you are a switching environment, make sure to configure your switch
to span or mirror to your capture port.

Interesting reading:

With only this info, I wouldn't rule out that you may indeed have some
emule/edonky traffic running around.

On 7/25/2012 9:17 AM, Chris wrote:
> Hi all: I have been seeing a lot of traffic on port 4662 across our
> WANs via using Cisco's nbar discovery. Cisco labels it a eDonkey, which
> is a file sharing system, but I have my doubts that is the culprit. Do
> you know of any other applications typically found in a mixed
> OES/Windows (eDir/AD) environment that might be making use of this port?
> Also, I am not sure how to go about sniffing for this port traffic using
> Wireshark? Can someone help me out with this?
> Thanks, Chris.