Flashnolan314
asked on
TCP Packet analysis of MMO game traffic
Friend came to me with issues of lag in an MMO game that they play (Final Fantasy 14). They would like to know where the issue is happening: host side, network, server side, etc. I personally am interested in the process: how to break down what I am seeing so that I can make sense of where the problem might be.
I can go to TCP Stream analysis and see the Stevens graph. I understand that flat spots in the graph are bad, but I'm not sure what to make of it. I have watched several video from packetbomb.com, but I am still not quite sure where to point the finger.
All of the traffic from the game seems to be TCP so I filtered the results for those. The game servers are IP: 199.91.189.37 or .38. However, in the second trace they are using wtfast.com as a VPN to tunnel their traffic. Therefore, they are directing their traffic to the VPN's IP not the game server.
A capture made when things seemed to be working well on my PC:
https://www.dropbox.com/s/9bjigh5p0fww75k/Typical%20FFXIV.pcapng?dl=0
A capture made from my friend. Several times they got the "lag" symbol in game.
https://www.dropbox.com/s/tlt95xnbsg8igdg/Bad%20Lag.pcapng?dl=0
Optimizations that I have read about on the Internet:
Would you recommend to disable Neagle's algorithm (TCPNoDelay)? Some claim this optimizes the stack for these type of game packets. How about TCPAckFrequency. Will ACK every packet and not ACK in groups.
I can go to TCP Stream analysis and see the Stevens graph. I understand that flat spots in the graph are bad, but I'm not sure what to make of it. I have watched several video from packetbomb.com, but I am still not quite sure where to point the finger.
All of the traffic from the game seems to be TCP so I filtered the results for those. The game servers are IP: 199.91.189.37 or .38. However, in the second trace they are using wtfast.com as a VPN to tunnel their traffic. Therefore, they are directing their traffic to the VPN's IP not the game server.
A capture made when things seemed to be working well on my PC:
https://www.dropbox.com/s/9bjigh5p0fww75k/Typical%20FFXIV.pcapng?dl=0
A capture made from my friend. Several times they got the "lag" symbol in game.
https://www.dropbox.com/s/tlt95xnbsg8igdg/Bad%20Lag.pcapng?dl=0
Optimizations that I have read about on the Internet:
Would you recommend to disable Neagle's algorithm (TCPNoDelay)? Some claim this optimizes the stack for these type of game packets. How about TCPAckFrequency. Will ACK every packet and not ACK in groups.
ASKER
The PC I am told is connected by wifi. As I said in my original post I am looking for packet analysis more than I am concerned with troubleshooting. If I can understand what the packets are indicating then I can focus my troubleshooting there.
This means hardcode network analysis, which is out of my scope.
Just a simple test: let him play when connected by cable..
Just a simple test: let him play when connected by cable..
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the delay.
Was the same Internet connection being used for both traces?
A: No. The "my PC" trace was just to give an idea what it "should" look like. The "my friend" capture was on a different PC connected to a different router on a different ISP connection.
What is the Internet speed (upload and download)? If two different connections were used we need to the speed for both know both.
A: Theoretical or measured with a site like speedtest?
According to speedtest the "my PC" connection is 7.5Mbps/1.49Mbps
I would have to get back to you about the "my friend" connection.
We know your friend was connected via WiFi. How was your computer connected?
A: Hardwired to a switch. This switch is hardwired to my router. The router is connected to the modem.
How many other devices (computers, phones, tables, T.V.s, etc.) were connected to the same WAP and what were they doing?
A: The "my friend" PC was not doing anything else. Beyond that I have no idea, but I can ask. It is a "shared" router so I have no idea.
You also have the overhead of the proxy server in the second situation.
A: I wish we had disabled the VPN to be a more apples-to-apples; I didn't realize that it was running on their PC until I looked at the wireshark trace. It made isolating the traffic a little harder. The whole point of the VPN service that offer for gamers is to speed up connections and lower latency. They seem to monitor this by pinging the enpoint game server without the VPN and comparing this somehow to the traffic in the VPN. Then they give a "score" to show what % increase you are "gaining". So to your point I wonder if the additional VPN overhead is offset by dedicated routers for tunneling this traffic.
I'll need to look at the captures to see if there is anything I can see. One thing I would look for is a wide gap between the receiving of packets, sending of ack and then receiving the next packet.
A: Let me know if there is any more information that I can assist you with.
Was the same Internet connection being used for both traces?
A: No. The "my PC" trace was just to give an idea what it "should" look like. The "my friend" capture was on a different PC connected to a different router on a different ISP connection.
What is the Internet speed (upload and download)? If two different connections were used we need to the speed for both know both.
A: Theoretical or measured with a site like speedtest?
According to speedtest the "my PC" connection is 7.5Mbps/1.49Mbps
I would have to get back to you about the "my friend" connection.
We know your friend was connected via WiFi. How was your computer connected?
A: Hardwired to a switch. This switch is hardwired to my router. The router is connected to the modem.
How many other devices (computers, phones, tables, T.V.s, etc.) were connected to the same WAP and what were they doing?
A: The "my friend" PC was not doing anything else. Beyond that I have no idea, but I can ask. It is a "shared" router so I have no idea.
You also have the overhead of the proxy server in the second situation.
A: I wish we had disabled the VPN to be a more apples-to-apples; I didn't realize that it was running on their PC until I looked at the wireshark trace. It made isolating the traffic a little harder. The whole point of the VPN service that offer for gamers is to speed up connections and lower latency. They seem to monitor this by pinging the enpoint game server without the VPN and comparing this somehow to the traffic in the VPN. Then they give a "score" to show what % increase you are "gaining". So to your point I wonder if the additional VPN overhead is offset by dedicated routers for tunneling this traffic.
I'll need to look at the captures to see if there is anything I can see. One thing I would look for is a wide gap between the receiving of packets, sending of ack and then receiving the next packet.
A: Let me know if there is any more information that I can assist you with.
I have seen a few articles about how a VPN can speed up games for gamers. However I'm not sure they work. You see latency is based on a combination of distance and how busy each link is between each hop. A VPN server can't make the path between the your PC and the game server.
Now it could reduce path busy if the VPN provider has built a private network that does not traverse the Internet, but I doubt very much too many, if any, VPN providers have built private networks for gaming purposes.
Now it could reduce path busy if the VPN provider has built a private network that does not traverse the Internet, but I doubt very much too many, if any, VPN providers have built private networks for gaming purposes.
ASKER
There are actually several VPN built for gaming purposes: wtfast and pingzapper to name two. My friend was using wtfast at the time, but their connection is bad without it as well.
Yes, I know there are server VPN's out there that make claims they can improve performance for online games.
My point is that latency can't be eliminated and can only be reduced by so much. If you are "1,000" miles away from the game server, nothing can make it perform as if it was in your home.
The 1st part of latency is distance. No matter what you do, you can't overcome physics. We can't speed up electricity/light, it only goes so fast not matter what.
The 2nd part of latency is the amount of traffic that is traveling over the same path. A VPN tunnel that is 100% over the Internet does not reduce the amount of traffic on the Internet. In fact the real purpose of a VPN is to encrypt the traffic as it flows over a public network so that nobody can see "my traffic."
VPN's don't speed anything up, unless they bypass the public Internet at some point and travel over a private network where there is less traffic.
My point is that latency can't be eliminated and can only be reduced by so much. If you are "1,000" miles away from the game server, nothing can make it perform as if it was in your home.
The 1st part of latency is distance. No matter what you do, you can't overcome physics. We can't speed up electricity/light, it only goes so fast not matter what.
The 2nd part of latency is the amount of traffic that is traveling over the same path. A VPN tunnel that is 100% over the Internet does not reduce the amount of traffic on the Internet. In fact the real purpose of a VPN is to encrypt the traffic as it flows over a public network so that nobody can see "my traffic."
VPN's don't speed anything up, unless they bypass the public Internet at some point and travel over a private network where there is less traffic.
ASKER
@giltjr you wrote"I'll need to look at the captures to see if there is anything I can see."
Could I ask if you have had a chance to take a look at them?
Could I ask if you have had a chance to take a look at them?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Never really got a full answer as to the original issue at hand. It seemed to be a physical issue from the laptop to the wifi router. I had limited information and giltjr helped as much as he could.
Also take a lookt at the router, maybe it has some QoS active, which interfers with MMO traffic.
Cause normally you don't have to change anything in the local TCP/IP stack.
btw, just to be sure, his machine is connected by cable to the router?