As part of a broader organisational restructure, data networking
research at Swinburne University of Technology has moved from
the Centre for Advanced Internet Architecture (CAIA)
to the Internet For Things (I4T) Research Lab.
Although CAIA no longer exists, this website reflects CAIA's activities and
outputs between March 2002 and February 2017,
and is being maintained as a service to the broader data networking research community.
Animated global distribution of game clients from the CounterStrike game family
This page presents the diurnal fluctuations in game server discovery probe traffic
arriving from around the world between December 25th 2009 and March 10th 2010, as
seen by individual game servers located in Melbourne, Australia. We used the
following game servers: CounterStrike:Source, Day of Defeat 2 (Source),
CounterStrike 1.6 (standard, Condition Zero, Day of Defeat, and Team Fortress),
and CounterStrike 1.7 beta.
We configured each game server to register itself with the appropriate master server,
and then refuse to allow any players to actually join a game. In this way we attracted,
and then captured, game server discovery probe traffic from hundreds of thousands of
clients around the world, 24 hours per day. We then used MaxMind's® GeoLiteCity database
to map observed source IPv4 addresses to geographic coordinates, and produced the
following animations of client distributions over time.
CS:Source Client distribution, 25 December 2009 - 09 March 2010
Day of Defeat 2 (Source) Client distribution, 25 December 2009 - 09 March 2010
CounterStrike 1.6 Client distribution, 25 December 2009 - 09 March 2010
CounterStrike 1.6 "Condition Zero" Client distribution, 25 December 2009 - 09 March 2010
CounterStrike 1.6 "Day of Defeat" Client distribution, 25 December 2009 - 09 March 2010
CounterStrike 1.6 "Team Fortress Classic" Client distribution, 25 December 2009 - 09 March 2010
CounterStrike 1.7 BETA Client distribution, 25 December 2009 - 09 March 2010
We have also created a single animation combining the client probing traffic for CS:Source (SourceEngine), Day of Defeat 2 (SourceEngine),
CounterStrike 1.6 (Goldsource) and Day of Defeat (Goldsource):
Overlay of the CS:Source (green), CounterStrike 1.6 (blue), DoD2 (red) and DoD (brown) animations for the period 25 December 2009 - 09 March 2010
How to create the animations
We created a number of scripts to produce these animations which
are based on a range of tools:
Step-by-step instructions on how to use the scripts:
Using tcpdump, we created one pcap (dump) file per day containing the probes directed to all of our servers.
Using the per_country_stats_15min.py Python script, we extracted the source address, prefix and Autonomous System information for each file and server.
Then we used getbadaddr_15min.py to find unwanted addresses (such as those belonging to game server statistics web pages,
which would constantly probe the servers and skew the data).
Combining the output of the "bad address" script with per_15min_kml.py, we then created .kml files containing geolocation information about the game clients for each server.
One file was generated per 15 minutes of data.
Having obtained the .kml files, we switched to Matlab®. With the kmlset_shapefile.m script we converted all .kml files into .shp files.
Finally, we ran the makemovie.m script to create the world map with the geolocation heatmap and CDF. One image was created per .kml/.shp file: 7200 images (frames) for each game server.
The day-night terminator (daylight map) was created using the plotdaynightterminator.m helper script.
The animations themselves have been created from the images using ffmpeg:
This command generates a 720p H.264 encoded video file at 25 frames per second, ready for upload to YouTube®.
A more detailed description of how to use the scripts can be found here and here. Additional information can be found in the individual source files.
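The binning, bad-address filtering and KML steps described above, sketched as an added example (this is not CAIA's code and does not reproduce their scripts). The presence threshold used to flag constant probers, the sample probe records and the coordinate table standing in for a GeoLiteCity lookup are all assumptions constructed for illustration.

```python
from collections import defaultdict
BIN_SECONDS = 15 * 60   # one frame per 15 minutes of capture, as on the page
T0 = 1261699200         # constructed start time (epoch seconds, bin-aligned)
# Constructed (timestamp, source IPv4) probe records using documentation ranges.
PROBES = [
    (T0 + 5, "192.0.2.10"), (T0 + 40, "198.51.100.7"), (T0 + 899, "198.51.100.7"),
    (T0 + 900, "192.0.2.10"), (T0 + 1000, "198.51.100.7"),
    (T0 + 1803, "192.0.2.10"), (T0 + 2000, "203.0.113.5"),
    (T0 + 2700, "192.0.2.10"), (T0 + 3000, "203.0.113.99"),
]
# Constructed stand-in for a GeoLiteCity lookup: address -> (lat, lon).
GEO = {"192.0.2.10": (37.77, -122.42), "198.51.100.7": (48.85, 2.35),
       "203.0.113.5": (-37.81, 144.96)}

def bin_probes(probes):
    """Map each bin start time to the set of distinct sources seen in it."""
    bins = defaultdict(set)
    for ts, src in probes:
        bins[ts - ts % BIN_SECONDS].add(src)
    return dict(bins)

def find_bad_addresses(bins, min_presence=0.9):
    """Assumed heuristic: a source present in at least min_presence of all
    bins probes around the clock, like a statistics site, unlike a player."""
    seen = defaultdict(int)
    for sources in bins.values():
        for src in sources:
            seen[src] += 1
    return {src for src, n in seen.items() if n / len(bins) >= min_presence}

def kml_for_bin(sources, bad, geo):
    """Build a KML document with one Placemark per kept, mappable source."""
    marks = []
    for src in sorted(sources - bad):
        if src not in geo:   # no geolocation entry: skip rather than guess
            continue
        lat, lon = geo[src]
        # KML coordinate order is longitude,latitude
        marks.append(f"<Placemark><Point><coordinates>{lon},{lat}"
                     "</coordinates></Point></Placemark>")
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>'
            + "".join(marks) + "</Document></kml>")

def build_frames(probes, geo):
    """Return (bad addresses, {bin start: KML text}) for the whole capture."""
    bins = bin_probes(probes)
    bad = find_bad_addresses(bins)
    return bad, {start: kml_for_bin(srcs, bad, geo) for start, srcs in bins.items()}
```

The filter runs over the whole capture before any frame is written, so a constant prober is removed from every 15-minute file rather than only from the bins after it was noticed.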
The scripts work with server discovery (probe) traffic for SourceEngine and Goldsource based servers (Valve®)
and Enemy Territory servers (id®) collected via tcpdump.
More information about the server discovery protocol can be found here,
here and here.
This project has been made possible in part by
grants from APNIC for a project
titled "Exploring the Utilisation of IPv4
Address Space and Size of the NATed IPv4