While doing some BT client testing I noticed that the NAT check in BitTornado (called when you connect to the tracker to stop you lying about your IP and to see if you have a real IP) writes the BT identifier, the null bytes and the downloadid, but not a peer ID.
i.e.
Code:
self.connection.write(chr(len(protocol_name)) + protocol_name +
    (chr(0) * 8) + downloadid)
It then waits for the client to send 68 bytes (i.e. the above + correct peer ID).
This requires that, rather than a listening client waiting for the full handshake before responding, it has to respond after a partial message, which requires more TCP traffic.
It's not a major point, but if the NAT test used a peer ID (it could be a fake one like all zeros) it would simplify things.
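An added example, not part of the original post and not BitTornado's code: a minimal listening-side parser that validates and answers the handshake as soon as the 48-byte prefix (length byte, protocol name, 8 reserved bytes, 20-byte download ID) has arrived, so it works for both the NAT check described above and a normal 68-byte handshake. The class and function names and the sample values used to exercise it are assumptions made for illustration.

```python
PROTOCOL_NAME = b"BitTorrent protocol"
PREFIX_LEN = 1 + len(PROTOCOL_NAME) + 8 + 20   # 48 bytes: length, name, reserved, download ID
FULL_LEN = PREFIX_LEN + 20                     # 68 bytes once the peer ID is appended


class HandshakeReader:
    """Incremental parser for the listening side of a BT handshake (hypothetical name)."""

    def __init__(self, known_hashes, my_peer_id):
        self.known_hashes = set(known_hashes)
        self.my_peer_id = my_peer_id
        self.buf = b""
        self.replied = False
        self.closed = False
        self.remote_peer_id = None

    def feed(self, data):
        """Consume received bytes; return the bytes to send back (may be empty)."""
        if self.closed:
            return b""
        self.buf += data
        out = b""
        if not self.replied and len(self.buf) >= PREFIX_LEN:
            name_end = 1 + len(PROTOCOL_NAME)
            info_hash = self.buf[name_end + 8:PREFIX_LEN]
            if (self.buf[0] != len(PROTOCOL_NAME)
                    or self.buf[1:name_end] != PROTOCOL_NAME
                    or info_hash not in self.known_hashes):
                self.closed = True   # wrong protocol or unknown torrent: send nothing
                return b""
            # Reply once the download ID is known, without waiting for a peer ID.
            out = (bytes([len(PROTOCOL_NAME)]) + PROTOCOL_NAME
                   + bytes(8) + info_hash + self.my_peer_id)
            self.replied = True
        if self.replied and self.remote_peer_id is None and len(self.buf) >= FULL_LEN:
            self.remote_peer_id = self.buf[PREFIX_LEN:FULL_LEN]
        return out


def nat_check_prefix(info_hash):
    """The 48 bytes the NAT check writes according to the post (no peer ID)."""
    return bytes([len(PROTOCOL_NAME)]) + PROTOCOL_NAME + bytes(8) + info_hash
```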