From: Mike Gilles (mike.gillesitmtech.com)
Date: Thu Jan 03 2002 - 15:12:03 CST

    Rich,

    Here's a list of the ports "typically" used by some of the most popular
    online games currently. I do stress typically because they are ephemeral
    ports after all and are subject to change. The ports are UDP unless
    otherwise stated. So here they are:

     
    Half Life, TFC:
    any to or from 27005
    any to or from 27015
    any to or from 27016

    Quake 3: Arena:
    any to or from 26000, 27000, 27910, 27960
     
    Starcraft:
    any to or from 6112
     
    Quake II:
    any to or from 27901
    any to or from 27910
     
    QuakeWorld:
    any to or from 27500
    any to or from 27001

    Unreal:
    any to or from 7777

    Diablo2 and Battlenet:
    any to or from 6112
    any to or from TCP 116, 118

    I got some of these from your brethren at NASA... here's the link:
    http://www.caida.org/analysis/AIX/. The others I know from experience
    *cough* I mean I've seen them used :)

    BTW: No one plays DOOM anymore, but if they did, I think it operates on UDP
    port 666.

    Hope this helps,

     Michael John Gilles
     Lead Security Engineer, MCSE
     Ext. 204
     616.901.9720 mobile
     mike.gillesitmtech.com
     
     ITM Technology, LLC.
     5940 Tahoe DR. S.E. Suite 110
     Grand Rapids, MI 49546
     616.464.1361 office
     616.464.1362 fax

    -----Original Message-----
    From: Richard.CTR.Mickeytc.faa.gov
    [mailto:Richard.CTR.Mickeytc.faa.gov]
    Sent: Thursday, January 03, 2002 10:39 AM
    To: focus-idssecurityfocus.com
    Subject: how can I track networked games

    I would like to watch for networked games (such as Doom), but it seems they
    use a multitude of options for connecting. I found clients that connect via
    IPX, TCP, UDP and Server side Java applets just poking around the Internet.

    Any help with Snort rules or general strategies for monitoring these will be
    appreciated.

    Thanks in Advance.

    Rich
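
Added example, not part of the original messages: Python that turns the port list in the reply above into bidirectional Snort rules and applies the same table to flow records, with a packet-count floor to absorb the ephemeral-port collisions the reply warns about. The SID base, the `POLICY` message prefix, the `min_packets` threshold and the sample flows are assumptions made for illustration.

```python
from collections import Counter

# Port table transcribed from the message above: game -> [(protocol, port)].
GAME_PORTS = {
    "Half-Life/TFC": [("udp", 27005), ("udp", 27015), ("udp", 27016)],
    "Quake 3: Arena": [("udp", p) for p in (26000, 27000, 27910, 27960)],
    "Starcraft": [("udp", 6112)],
    "Quake II": [("udp", 27901), ("udp", 27910)],
    "QuakeWorld": [("udp", 27500), ("udp", 27001)],
    "Unreal": [("udp", 7777)],
    "Diablo2/Battlenet": [("udp", 6112), ("tcp", 116), ("tcp", 118)],
    "DOOM": [("udp", 666)],  # the message itself is unsure about this one
}

# Invert to (protocol, port) -> [games]; several games share 6112 and 27910.
INDEX = {}
for game, entries in GAME_PORTS.items():
    for key in entries:
        INDEX.setdefault(key, []).append(game)

def snort_rules(base_sid=1000001):
    """One rule per (protocol, port); '<>' matches the port as source or destination."""
    rules = []
    for n, ((proto, port), games) in enumerate(sorted(INDEX.items())):
        msg = "POLICY possible game traffic - " + " or ".join(games)
        rules.append(f'alert {proto} any any <> any {port} '
                     f'(msg:"{msg}"; sid:{base_sid + n}; rev:1;)')
    return rules

def detect(flows, min_packets=20):
    """Sum packets per host pair and matched port; totals under min_packets
    (e.g. one short flow whose ephemeral port collides) are dropped."""
    totals = Counter()
    for proto, src, sport, dst, dport, pkts in flows:
        for port in {sport, dport}:
            if (proto, port) in INDEX:
                totals[(tuple(sorted((src, dst))), proto, port)] += pkts
    return {k: n for k, n in totals.items() if n >= min_packets}

# Constructed sample flows: (proto, src_ip, sport, dst_ip, dport, packets).
SAMPLE_FLOWS = [
    ("udp", "10.0.0.5", 27005, "192.0.2.10", 27015, 900),   # client -> server
    ("udp", "192.0.2.10", 27015, "10.0.0.5", 27005, 850),   # server -> client
    ("udp", "10.0.0.7", 6112, "198.51.100.3", 53, 2),       # DNS, colliding source port
    ("tcp", "10.0.0.9", 40000, "203.0.113.8", 6112, 300),   # TCP 6112 is not in the table
]

if __name__ == "__main__":
    print("\n".join(snort_rules()))
```

Port-only matching cannot tell which of two games sharing a port is in use, so the generated rule for such a port names both.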