NETSTAT question

Discussion in 'privacy general' started by CompilerBacter, Jan 4, 2004.

Thread Status:
Not open for further replies.
  1. CompilerBacter

    CompilerBacter Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    22
    I often use netstat to see the established connections during on-line gaming. This often gives a clue about the geographic location of players.

    However, on one occasion, with myself and one other player in the game, no connections showed up, it was like I was in the game alone. The player said he was not behind a fire wall but did have a router.

    Is this a normal feature of a router set-up or is it purposely stealthed in some way?
    I ask only to gain more understanding of how netstat works.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Neither routers nor firewalls will have any effect on what netstat shows. If there is an established connection, it has already passed through any routers or firewalls to get there, so those won't change any of this.

    Now, netstat on the other hand can miss stuff, especially on Win9x systems. From time to time Jason from DCS forums (above here at Wilders) will post about the different issues with netstat on older versions of Windows. Apparantly, netstat on Windows XP is incredibly accurate, but old versions can have problems. (You're on Win98 right?)

    I can't do any justice to the explanations beyond what I've just written, so I won't even try. Maybe we can get Jason to comment on this.

    Now, the only other thing I can think of... You said that "no connections showed up". Do you mean you had none to any where or just none to that other player? Who was providing the game server - you, the other player or some central server that wasn't either of you? Did you have a connection to that? All of these points are really to suggest that maybe there just weren't any active connections between the two of you at the time you checked netstat. :doubt:
     
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    NETSTAT generally won't miss any network connections unless there is some form of connection hiding driver/software installed (like a Rootkit). NETSTAT just displays information about the network which is stored in internal kernel level structures.

    The good thing about software which doesn't fully rely on netstat (something like Port Explorer, and some firewalls possibly) is that they can still show information on network conditions even if there is a program blocking the normal "netstat" output.

    I have seen computers that when netstat is run there is nothing displayed by it at all. Did you make sure you typed "netstat -an" ? If there is nothing displayed by "netstat -an" then most likely you have no network protocols/hardware installed, or possibly a firewall is blocking everything. There are many possibilities. :)

    -Jason-
     
  4. CompilerBacter

    CompilerBacter Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    22
    Thanks for the replies guys, I think I understand a little more now.
    From what you have said it seems like the two most likely possibilities are:
    1) The connection was (temporarily) broken when I ran netstat
    2) The connection was hidden somehow.

    In answer to your questions:

    Yes I am on Win98.

    By "no connections showed up" I didn't mean none at all, just the expected one to the player.

    I could see the usual connections to the game server.

    I typed "netstat -p tcp" and also "netstat -a" both gave the same result.

    Anyway, thanks again, I will see if the same thing happens the next time I play the guy.
     
  5. controler

    controler Guest

    how about netstat -aon ?
     
  6. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    The "-o" flag only works on Windows XP + . There is no operating system way of getting the owner of a port under Windows 9x. Actually there probably is a very undocumented way of getting it, but much research would be needed.

    Port Explorer achieves Port to Process mapping on 9x in a different way which doesn't rely on netstat, and is one of only a few programs to port to process map on Windows 9x.

    -Jason-
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    To be honest, I don't know how that game works but I highly suspect that "direct connections" player to player are not always there. You do have the connection to the central game server (which is why I asked about that), so it may simply be that at the point you checked, the only connections active (and needed) were from each player to the central server and not player to player.
     
  8. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Unless the game is a split or straight peer-to-peer server you will never have direct connections to other players. Quake, Unreal, CounterStrike and Massive Multiplayer games like Everquest, etc are games which use a SERVER->CLIENT model, you will only have a connection to the server, because you are the client, as all clients will.

    Peer to Peer works a bit differently. Depending on how good the developers are it can be a split peer to peer system or straight (think of it like a line) peer to peer. Either way, in this system each connection can be made from your machine to another player, or multiple players. Some old games (DOS based iirc) had systems where each player was connected to each other player, so if there was 8 players there would be 64 connections total. This isn't a good way of dealing with it.

    With a split peer to peer system it combines SERVER->CLIENT and PEER->PEER. To best show why they would do this imagine you had TWO really fast broadband connections and 6 dialup users in an 8 player game. In a proper peer to peer network there would be 8 connections, with each player having upto 2 connections. It would be like a straight line of connections, with some dialup users connected to other dialup users. Ideally though, the broadband users who have really low pings and high bandwidth should be hosting a few of those dialup users to maximise the potential for this group of players. So in an ideal situation, each broadband player would host 3 dialup users each and connect to each other. This is one of the most optimized forms of networks you can build.

    I know Starcraft uses this method and possibly Warcraft also.

    -Jason-
     
  9. CompilerBacter

    CompilerBacter Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    22
    Interesting stuff thanks! I realize how much I don't know about it now :)

    Anyway the game is "Virtual Pool 3", as far as I know, once launched by the game server, (GameSpy Arcade), the game is pretty much standalone, this makes it peer-to-peer right?

    In answer to LWM, I have been doing this for years and have never seen a connection disappear so I don't think this happens as part of the games normal operation. If I do netstat -p tcp during a game I can definitely see the other players IP as this often tells me where they are, usually both the country and city and often their ISP and type of connection i.e. DSL dial-up etc. I don't have an example to post here at the moment sorry.

    Anyway, I'd like to take this opportunity to thank everyone here, (both staff and posters), for their time and effort over the years, it has been a great help to me, and I know many others too.
     
Loading...
Thread Status:
Not open for further replies.