Networked and Mobile Gaming, 2014/15

Assignment 1: Understanding Game Traffic

In this assignment, you are to collect packet traces of a real-time, interactive, multi-player game, and study the basic characteristic of network traffic from the game.  This assignment helps us understand what game traffic looks like (does it need a lot of bandwidth?  Are packets being sent frequently?  What is the size of packets being sent?) This is important for us to understand how the existing game protocol works, and will help us see the inadequacy of existing transport protocol in supporting most games.

Due Date

31 January, 2015 (Saturday), 2359


A 5-page report in PDF format, to be submitted into this IVLE workbin, with the filename A1_A0123456X.pdf, where A0123456X is your matriculation number.


This is an individual assignment.

Grading Rubrics

  • A+/A/A-: Correct, detailed, and careful analysis.  Correctly collected, and characterized in detail, the traces as required.  The report is detailed, well structured and well written.
  • B+/B/B-: Lack details.  Correctly collected traces, but may lack attention to detail; Only basic analysis is done.  The report lack details.
  • C+/C/C-: Incomplete/incorrect.  The collection is incomplete; Analysis is incorrect; Report is incomplete or hastily written.
  • F: No submission.

Your Task

Your task is to collect and analyze packet traces of a real-time, interactive, multi-player game of your choice. You should collect the traces at the client-side using tcpdump or equivalent tools (e.g., wireshark). The traces should be at least 10 minutes long, and involves different types of game activity (e.g., running, walking, shooting, interacting with other players).

From the traces that you collected, analyze the packets and characterize the traffic in terms of the following:

  1. What is the average in-coming and out-going throughput (bytes / second)?
  2. What is the average in-coming and out-going packet load (number of packets / second)?
  3. What are the transport protocols used? (UDP, or TCP, or both?)
  4. How many connections do you see?
  5. What are the distributions of the payload size for in-coming and out-going packets? (Plot a histogram) What is the average payload size?
  6. Any patterns observed when the game activity changes?
  7. Any periodic patterns (i.e., things that occur at regular interval) observed in the traffic?  You may have to zoom into millisecond level to observe this pattern.

The packets captured may include multiple types of data (such as audio chat). You may exclude those from your analysis (if possible). Focus only on game traffic pertaining to events and state updates.

In your report, you should describe clearly how you collect the data.


The following tools might be useful for this assignment:

  • tcpdump / windump
  • wireshark
  • tcptrace

You are free to use any other tools you are familiar with to analyze the packet trace.


You can pick any FPS, RTS, or MMORPG game you like, as long as it is a real-time multi-player games. If you do not own/play games, try to borrow it from a classmate who does. Furthermore, there are many free multi-player games available.


You can use any tools you like, such as R, MatLab, Microsoft Excel, Gnuplot, etc.


You should use this Word document template for your report, but feel free add your own sections/structure if you find this template limiting.

Late Submission Policy

One grade lower (e.g., A becomes A-, A- becomes B+) if you are late by a day.  Two grades lower if you are late by two days, etc.

If you have issues with meeting the deadline, talk to me BEFORE the deadline for a possibility of an extension.

Print Friendly


  1. Trung Hieu Nguyen

    January 13, 2015 at 11:35 pm

    Hi everyone,
    I am having a problem running Wireshark on Windows 8. I tried to install Wireshark (both 32 and 64 bit version), but whenever i run the problem, the error “Windows cannot find ‘C:\Program Files (x86)\Wireshark\Wireshark.exe'” popped up. However, the File Explorer shows that the file is there.
    The problem is exactly described here, but no solution provided:
    Can somebody help? :P

  2. Trung Hieu Nguyen

    January 14, 2015 at 9:46 pm

    Whoa actually

    Ooi Wei Tsang:

    “If I rename or make a copy of Wireshark.exe, called anything but Wireshark, it runs!”)

    Woah actually this helps :|
    Thank you :)

  3. Nguyen Trung Hieu

    January 15, 2015 at 1:23 pm

    Hello Prof. Wei Tsang,

    There are some observations / experiences I noticed when playing the game, but are hard to recreate (i.e: the game is contacting to both server and I want to terminate the connection to one of them without touching the other). In though case, may I just describe what happened in the player’s perspective, then combine with normal capturing information to suggest theory why it is so ?

    • Ooi Wei Tsang

      January 18, 2015 at 3:31 am

      Hieu, what you plan to do is fine with me.

      Note to all: sometimes you make observations that you can’t explain, please just make the best educated guess (or guesses) as to what happened.

  4. Hello Prof Wei Tsang,

    It is mentioned that the traces that we capture should be at least 10 minutes long, does that mean that it should be continuous or are we allowed to separate them?

    Thank you

    • Ooi Wei Tsang

      January 18, 2015 at 3:28 am

      Hi Sebastian,

      They can be separate traces, but you should try to cover a diverse set of scenarios. For instance, repeatedly playing the same level over-and-over until the trace is 10 minutes has little chance of giving new insights.

  5. Hi Prof Wei Tsang,

    Does the activities you mentioned need to be in the same order according to the timeline? eg. first min running, second min shooting.. for the 10min trace.

    Is there a min number of tine we have to do this 10min trace to collect the average data?


    • Ooi Wei Tsang

      January 25, 2015 at 10:11 am

      Angela, it does not have to be the same order. What I gave is just an example. There is also no minimum time for each activity, as long as it is sufficiently long for you to observe the corresponding packets in the trace.

      How long is sufficiently long? It depends on the game you choose.

  6. Hello Prof Wei Tsang,

    As I have asked during the last lecture, I felt that capturing packets for individual activities of 2 mins each ( fighting solo, fighting in team, raiding, pvp, etc) is more meaningful rather than capturing all of them together in a 10 minute file.

    As a result, I have 5-6 wireshark files now. May I know if I should select the best set of data and plot the histogram or should I plot 6 different histograms?

    Thank you.

    • Also, are there any recommended time scale we should use for the plotting of the histogram since plotting it in milliseconds will be rather large?

      Thank you

      • Hi Prof, adding on to what Sebastian has mentioned, I feel that capturing individual activities is more meaningful as well. I have captured at least 1min 30 secs for each activities. Is it okay if we keep different wireshark files for each activity and analyse separately?

        If I have tcp and udp protocols info for running around in a map, am I right that I will have to do all the calculations for the packets separately for tcp and udp?

        • Ooi Wei Tsang

          January 25, 2015 at 10:16 am

          If you find it easier to analyze separately, yes, please go ahead. If you have both TCP and UDP packets, they are likely used for different purposes, so it would be interesting to see if they exhibit the same characteristics.

      • Ooi Wei Tsang

        January 25, 2015 at 10:15 am

        Plot whatever you think will clearly show the phenomenon you would like to show.

        For instance, if you want to show periodic patterns in millisecond range, pick 5 seconds of data and plot it with x-axis in milliseconds. If you want to show effects of different activities, you may want to plot x-axis in seconds and show a few minutes of data.

    • Ooi Wei Tsang

      January 25, 2015 at 10:12 am

      Are they very different? If so, maybe useful to show each set of stats for each activity. If they are about the same, then showing average is good enough.

  7. Hi Prof, I’m having trouble finding the number of connections that are connected using Wireshark. I found the number of conversations that used in my transport protocol but I can’t be sure if it is the number of connections. Could you clarify with this matter?

    • Ooi Wei Tsang

      January 26, 2015 at 10:33 am

      Not sure if this answers your question: A TCP connection is uniquely identified by the tuple (source IP, source port, destination IP, destination port).

Leave a Reply

Your email address will not be published.


© 2017 CS4344

Theme by Anders NorenUp ↑


Follow this blog

Get every new post delivered right to your inbox.

Skip to toolbar