Centre closure

As part of a broader organisational restructure, data networking research at Swinburne University of Technology has moved from the Centre for Advanced Internet Architecture (CAIA) to the Internet For Things (I4T) Research Lab.

Although CAIA no longer exists, this website reflects CAIA's activities and outputs between March 2002 and February 2017, and is being maintained as a service to the broader data networking research community.

MAPPING -- Measuring And Practically Predicting INternet Growth

Measuring and predicting growth in Internet addressing, routing complexity and energy usage

Animated global distribution of game clients from the CounterStrike game family

This page presents the diurnal fluctuations in game server discovery probe traffic arriving from around the world between December 25th 2009 and March 10th 2010, as seen by individual game servers located in Melbourne, Australia. We used the following game servers: CounterStrike:Source, Day of Defeat 2 (Source), CounterStrike 1.6 (standard, Condition Zero, Day of Defeat, and Team Fortress), and CounterStrike 1.7 beta.

We configured each game server to register itself with the appropriate master server, and then refuse to allow any players to actually join a game. In this way we attracted, and then captured, game server discovery probe traffic from hundreds of thousands of clients around the world, 24hrs per day. We then used MaxMind's® GeoLiteCity database to map observed source IPv4 addresses to geographic coordinates, and produce the following animations of client distributions over time.

The raw data was gathered by Mattia Rossi in 2009-2010 as part of a joint project with Professor Grenville Armitage. The animated representations were developed by Mattia in 2011. Parts of this animations have been used in the paper Inferring the Time-zones of Prefixes and Autonomous Systems by Monitoring Game Server Discovery Traffic

CS:Source Client distribution, 25 December 2009 - 09 March 2010




Day of Defeat 2 (Source) Client distribution, 25 December 2009 - 09 March 2010




CounterStrike 1.6 Clients distribution, 25 December 2009 - 09 March 2010




CounterStrike 1.6 "Condition Zero" Clients distribution, 25 December 2009 - 09 March 2010




CounterStrike 1.6 "Day of Defeat" Client distribution, 25 December 2009 - 09 March 2010




CounterStrike 1.6 "Team Fortress Classic" Client distribution, 25 December 2009 - 09 March 2010




CounterStrike 1.7 BETA Client distribution, 25 December 2009 - 09 March 2010




We have also created a single animation combining the client probing traffic for CS:Source (SourceEngine), Day of Defeat 2 (SourceEngine), CounterStrike 1.6 (Goldsource) and Day of Defeat (Goldsource):


Overlay of the CS:Source (green), CounterStrike 1.6 (blue), DoD2 (red) and DoD (brown) animations for the period 25 December 2009 - 09 March 2010



How to create the animations

We created a number of scripts to produce these animations which are based on a range of tools:

  • Python for data extraction
  • MaxMind's® GeoLiteCity database for IP to coordinates mapping
  • Matlab® for creating the graphs
  • FFmpeg for creating the animations

Further the following additional python libraries and Matlab scripts have been used:
  • Pylibpcap for packet extrapolation (needs libpcap)
  • Pygeoip for interfacing Python with MaxMind's® databases
  • A Matlab script to convert .kml files into .shp files

Step by step instruction on how to use the scripts:

  1. Using tcpdump we created one pcap (dump) file per day containing probes directed to all of our servers
  2. Using the per_country_stats_15min.py Python script, we extracted the source address, prefix and Autonomous System information for each file and server
  3. Then we used getbadaddr_15min.py to find unwanted addresses (like the ones belonging to game server statistics webpages, which would constantly probe the servers and skew the data)
  4. Combining the outcome of the previous "bad address" script with per_15min_kml.py we then created .kml files containing geolocation information about the game clients for each server. One file per 15 minutes of data has been generated.
  5. After having obtained .kml files, we switched to using Matlab®. With the kmlset_shapefile.m script we converted all .kml files into .shp files
  6. Finally we then ran the makemovie.m script to create the world map with geolocation heatmap and CDF. One image per .kml/.shp file has been created. 7200 images (frames) for each game server. The day-night terminator (daylight map) has been created using the plotdaynightterminator.m helper script.
  7. The animations themselves have been created from the images using ffmpeg:
    • ffmpeg -y -r 25 -i client%4d.png -s 1280x720 -v 1 -vcodec libx264 -b "7000k" -maxrate 8000k -bufsize 5000k -f mp4 -vpre baseline video.mp4
    This command generates a 720p H.264 encoded video file with 25 frames per seconds, ready for upload on YouTube®

A more detailed description on how to use the scripts can be found here and here. Additional information can be found in the single source files. The scripts work with server discovery (probe) traffic for SourceEngine and Goldsource based servers (Valve®) and Enemy Territory servers (id®) collected via tcpdump. More information about the server discovery protocol can be found here, here and here

APNIC logo

This project has been made possible in part by grants from APNIC for a project titled "Exploring the Utilisation of IPv4 Address Space and Size of the NATed IPv4 Internet"


C Swinburne | CRICOS number 00111D | Contact Us | Copyright and disclaimer | Privacy; | Feedback | Accessibility Information | - Smaller Font | + Larger Font
Last Updated: Monday 30-Mar-2015 17:57:57 AEDT | Maintained by: Sebastian Zander (szander@swin.edu.au) | Authorised by: Grenville Armitage ( garmitage@swin.edu.au)