Quake3 protocol - Security
Quake3 protocol
This may be considered off topic for this news group, but I've
encountered some very helpful people here, so here goes:
Is the Quake3 Protocol used for anything else other than playing Quake?
The reason I'm asking, is I occasionally run ethereal when I see the
lights on my hub at work start to max out. And I've noticed that
protocol showing up in the results. I did nslookup on the ip address
and it's one of the network admins. So, before I say anything, if I do,
I want to have all my ducks in a row.
TIA,
Andy C.(never #)
-
Re: Quake3 protocol
On 21 Dec 2006, in the Usenet newsgroup comp.os.linux.security, in article
<1166709499.840855.87190@79g2000cws.googlegroups.com>, Andy C.(never #) wrote:
>This may be considered off topic for this news group,
No - it's on-topic.
>Is the Quake3 Protocol used for anything else other than playing Quake?
What do you mean by "Quake3 Protocol"? If you mean something spewing
UDP packets in the 26000-27000 port range, then the answer is a maybe.
If you mean it's something that 'ethereal' or 'wireshark' is identifying
the stuff as 'Quake3', then probably not.
>The reason I'm asking, is I occasionally run ethereal when I see the
>lights on my hub at work start to max out. And I've noticed that
>protocol showing up in the results.
If you look at ftp://ftp.iana.org/assignments/protocol-numbers, there is
no Quake (let alone Quake3) protocol. If you're making the decision based
on the port number being 26000/udp, or 27960/udp or similar, I suspect
that you need more evidence. While those ports are used for Quake
servers, there is no law/rule that any packet destined for that port
must be Quake. Not knowing what the packets or traffic look like, I can't
give you a plausible explanation of what they _might_ be, but obviously
they _could_ (not necessarily _are_) innocent. (How's that for treading
lightly?)
>I did nslookup on the ip address and it's one of the network admins. So,
>before I say anything, if I do, I want to have all my ducks in a row.
Where are you... IP says state-side. See that there is a _written_
company policy in place before you even think about it. This can run into
all kinds of nasty labor relations problems. Where is the traffic going?
Is it local - check the systems (wander on by and see what the displays
are showing). If it's going outside (where), who controls the firewall?
Old guy
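
An added example, not part of the original thread: one way to separate the port-only evidence discussed in the reply above from payload evidence. It assumes Quake III connectionless packets (status queries and connection setup) begin with four 0xFF bytes followed by an ASCII command word; in-game packets do not carry that marker, so a "port-only" label neither confirms nor rules out game traffic. The function names, labels and sample datagrams are constructed for illustration.

```python
from collections import Counter, defaultdict

# Ports named in the thread as commonly used by Quake servers.
QUAKE_PORTS = {26000, 27960}
# Assumption: Quake III connectionless (out-of-band) packets start with
# four 0xFF bytes followed by an ASCII command word.
OOB_MARKER = b"\xff\xff\xff\xff"
OOB_COMMANDS = (b"getstatus", b"getinfo", b"getchallenge", b"connect",
                b"statusResponse", b"infoResponse", b"challengeResponse",
                b"connectResponse")


def classify(src_port, dst_port, payload):
    """Label one UDP datagram by the strength of the evidence it gives."""
    if payload.startswith(OOB_MARKER) and payload[4:].startswith(OOB_COMMANDS):
        return "payload-match"   # content looks like Quake III, on any port
    if src_port in QUAKE_PORTS or dst_port in QUAKE_PORTS:
        return "port-only"       # weak: any application may use the port
    return "other"


def summarize(records):
    """Count evidence labels per source address."""
    per_host = defaultdict(Counter)
    for src_ip, src_port, _dst_ip, dst_port, payload in records:
        per_host[src_ip][classify(src_port, dst_port, payload)] += 1
    return {host: dict(counts) for host, counts in per_host.items()}


# Constructed sample datagrams (not taken from any real capture):
# (src_ip, src_port, dst_ip, dst_port, udp_payload)
SAMPLE = [
    ("10.0.0.5", 51000, "10.0.0.9", 27960, b"\xff\xff\xff\xffgetstatus\n"),
    ("10.0.0.9", 27960, "10.0.0.5", 51000,
     b"\xff\xff\xff\xffstatusResponse\n\\sv_hostname\\test\n"),
    ("10.0.0.7", 40000, "10.0.0.8", 26000, b"\x00\x01backup-sync-block"),
    ("10.0.0.7", 40001, "10.0.0.8", 53, b"\x12\x34\x01\x00"),
    ("10.0.0.5", 51000, "10.0.0.9", 28000, b"\xff\xff\xff\xffgetinfo xyz"),
]

if __name__ == "__main__":
    for host, counts in sorted(summarize(SAMPLE).items()):
        print(host, counts)
```
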
-
Re: Quake3 protocol
Moe Trin wrote:
>SNIP
> What do you mean by "Quake3 Protocol"? If you mean something spewing
> UDP packets in the 26000-27000 port range, then the answer is a maybe.
> If you mean it's something that 'ethereal' or 'wireshark' is identifying
> the stuff as 'Quake3', then probably not.
After I do a capture, I do several sorts to get a better idea of what's
going on. First I sort by origin and make sure that it isn't any of my
machines that are spewing. Then I sort by protocol. Ethereal lists all
the usual suspects, TCP, UDP, ARP, STP, even IPX. In scrolling through
these sorts you can see what is hogging the intranet. That's how I came
across Quake3 protocol.
> Where are you... IP says state-side. See that there is a _written_
> company policy in place before you even think about it. This can run into
> all kinds of nasty labor relations problems. Where is the traffic going?
> Is it local - check the systems (wander on by and see what the displays
> are showing). If it's going outside (where), who controls the firewall?
Yes, totally US. Only been out of the country one time: walking day
trip to Mexico. Won't ever go back. Would really like to visit Canada.
Alberta and BC look like Wyoming on steroids.
But I digress. Yes, written company policy about misusing company
equipment. I could be doing it, too, except that I'm using the internet
to get information and most of it relates directly to my job duties. I
like playing games as much as the next guy, but when you do it at work
that's another matter. Plus, eventually, they're going to get curious
as to why everything seems to slow down at certain times of the day.
>
> Old guy
Thanks, again.
-
Re: Quake3 protocol
On 21 Dec 2006, in the Usenet newsgroup comp.os.linux.security, in article
<1166732546.533070.306610@i12g2000cwa.googlegroups.com>, Andy C.(never #)
wrote:
>Moe Trin wrote:
>> If you mean it's something that 'ethereal' or 'wireshark' is identifying
>> the stuff as 'Quake3', then probably not.
>After I do a capture, I do several sorts to get a better idea of what's
>going on. First I sort by origin and make sure that it isn't any of my
>machines that are spewing. Then I sort by protocol. Ethereal lists all
>the usual suspects, TCP, UDP, ARP, STP, even IPX.
Those are all defined protocols that can be carried in an IP packet. In
addition, there are over 180 different protocols besides IP that can be
found in an Ethernet frame.
>In scrolling through these sorts you can see what is hogging the intranet.
>That's how I came across Quake3 protocol.
Well, as stated there is no official protocol as such. If Ethereal is
identifying it as such, it would be because of characteristics of the
packet. I can't help there - we don't have that problem.
>> Where are you... IP says state-side.
>Yes, totally US. Only been out of the country one time: walking day
>trip to Mexico. Won't ever go back.
Border towns, any more than tourist traps, and (very often) "large"
cities are not representative of a country.
>Would really like to visit Canada. Alberta and BC look like Wyoming on
>steroids.
Do it! It's a cliche to say that there's a whole world out there, but
there is. In my mis-spent youth, I spent over ten years out there seeing
what there is to see while working overseas. There is a lot, and it's
worth seeing.
>But I digress. Yes, written company policy about misusing company
>equipment.
That's a legal requirement - the company can get in horribly deep weeds
if they take actions in the absence of such a policy that is at least
semi-actively enforced. Our employees know these policies, and know
that misuse isn't tolerated, so we don't have the problem. The only
non-business traffic on our wires is ten channels of "Internet Radio"
(because we're in buildings that basically block radio reception).
The employee association has set up computers in the break areas
(that are not connected to the company wires) for "personal" use. That's
how I often post to the newsgroups.
>I could be doing it, too, except that I'm using the internet to get
>information and most of it relates directly to my job duties.
It's one of the best sources of Linux support, and well worth while
for other services as well. We're allowed access to _read_ Usenet on
the job, but are not allowed to post (NDAs and all that).
>I like playing games as much as the next guy, but when you do it at work
>that's another matter. Plus, eventually, they're going to get curious
>as to why everything seems to slow down at certain times of the day.
When you spend most of your working day staring at the screen, playing
computer games is absolutely the _LAST_ thing on my list of exciting
things to be doing.
Old guy