wireshark

I was waiting for someone to spam wireshark it did not take long:). The server would work on UDP, not TCP. So unless you have server 'status' access know admin or rcon on something then forget that as there is no handshake.
It's all server based.

You won't get his ip unless you resort to other methods.

Social Engineering would be your best bet as you're hardly going to be able to execute a man in the middle attack:>

You could simply ask whoever runs the server for it. You never know.

If you really cared, do a little research on his game tag, irc/msn/email, or get him to click a link that you've setup.

or just conclude its probably more hassle than its worth and its just a game.

Jamerio,

stop pretending to know what you're talking about.

- you know who (weak troll by the way)

Lol, my first job was at the uk's biggest Unix network using Irix on silicon graphics Indigo's for a games company. You were probably figuring out MSpaint then:) I THINK, ten years on I have learned enough to make such a fairly simple statement.
Oh and q3 on ipv6 has been possible for well over a year.

P.S
Just for you as I know this shit gives you a hardon.

Jamerio, stop. you don't know what you're talking about, and you really suck at trolling.

He's one of the greatest trolls to ever troll esr, shut the fuck up.
even though I was trolled just now. Fuck!

also: The Game.

FUCK
I JUST LOST

Yeah.. I mean he goes through the trouble of taking a picture with a book along the esr page with the comment. Now thats pro internet argument!

he'll probably go soft once he learns that Mitnick was more on the social-engineering side than hacking

it would be very difficult for me to get a hardon in this scenario. "kevin" and "mitnick" are not words I ever want to hear in the same sentence.

=/

HACKER!!!

it sounds like you mean that you have access to the server. if that's the case, then sure it's possible, assuming you are able to access whatever interface the data is coming in on. you will need root on a UNIX-based operating system, most likely; this can be achieved with tcpdump--Wireshark or Ettercap are overkill, though you can use them to try to map each individual player name to an address (that would be hard, and I don't think it would be very easy without having a thorough understanding of the Quake 3 protocol). if you don't have root, then it is not very likely, but you asked if it was possible. you may still have access to the server process, if it as running as your user, in which case you could access the process's memory, by whatever means (I don't have any good recommendations), or just force a password change yourself.

of course, you could also escalate to root or ask the administrator, if you had to. if you are not on the same network as the server and not logged into the server directly, it is nearly impossible, but of course it is not completely impossible. all you have to do is run a script to iterate through the IPv4 space and one of those 4 billion addresses will be the correct one!!, unless the server is running on IPv6 (I don't think Quake 3 supports that). if that is the case, good luck.

Uh, the OP implies that he's another player on the server - clearly if you had root access on the server you'd be able to get rcon access. You also wouldn't need it, as you could just look at the server logs directly. As another player, wireshark etc is useless to you because q3 comms are not peer-to-peer, so there's nothing to be gained looking at network traffic etc.

Jamerio is correct, social engineering / stalking is the only real way you can do this, without resorting to things like hacking the q3 server so that you can gain access to its server logs. The simple answer is the one everyone else gave - "no".

please do not pretend like you know what you're talking about. and if you're going to do it anyway, then try reading my post first. thanks.

Its very simple, would you like me to break it down into simple steps for you?

- Server talks to all clients.
- Each client talks to the server
- Clients do not talk to each other
- At at network level, the IP address of client A never passes through client B.
- Therefore, sniffing network data at client B can never tell you the IP address of client A

BTW, maybe its because you're a non-native speaker that you've misunderstood the OP. There is an implied "other" before the word players. Bludder does not run the server, he is a player on it, since if he ran it, he would have rcon access.

Holy fuck you clearly don't know how AnthonyJ is.

(he's trolling)

I know, but going by that standard i might as well quit my account

ROFL

tbh it would be incredibly easy to determine who was who based solely on packet information. I'm not sure why you think it's difficult.

I don't believe the packets will contain the information you require.

Not important. Just callvote kick them and see which packets stop coming :)

I still don't see how those packets will contain the information you require and if its as easy as you claim I'm sure you could less cryptic and explain yourself better than your current one liners.

If you're on a switch that goes to the server in question, you can snake packets meant for the server. Given this you know the ips of players. Assuming these packets don't contain the player id (unlikely), you can just kick people and see which packets stop coming. I'm not sure what's so confusing about that.

If, however, you're a client receiving packets from the server directly, and have no access to the packets going to the server then you're obviously SoL, however that's obviously not the interesting case.

Not the interesting case, and yet the chances of a player on a server he doesn't run who wants to randomly stalk / DDoS another player on the server happening to have access to a router in between the other player and the server are pretty close to zero.

BTW, if you were to sit listening to packets of data going to the server, you'd have to filter out all packets that are status requests from people refreshing server browsers (although thats relatively easy due to the -1 sequencenumber). And no, the packets to/from the server do not contain a client id afaik - you can check SV_PacketEvent() pretty easily to confirm that its using the IP address of the player to tie incoming data to a particular client. So your kick approach is about as good as you can get, and you'd better hope that the other players on the server are happy with you kicking them all in turn to work out who they are.

I wouldn't waste any more time of that precious brain of yours in this thread, go team up with arqon and cure quakecancer.

tbh the kick approach isn't the best, and I'm surprised you can't think outside the box on this one. If you're listening to the packets via MitM, and are just a passive observer, then upon first connection nick information etc will be sent to the server.

Let's say, for the sake of argument you miss the initial connections and only start collecting packets after you realize you want to find someone's ip (unlikely, but hey this is a completely theoretical situation anyway). Well that person WILL leave the server on their own. Given that, you should be able to (with some probability due to simultaneous disconnects) determine who belongs to which ip. This is further simplified by the fact that over time you will be able to correlate ips based on multiple games played by the user.

Honestly though I have no idea why you were talking about a "handshake" with tcp, and how that would help in determining the player's ip. Even if q3 used tcp, the handshake performed would not help you in the slightest to determine which player it belongs too, especially since these handshakes would only come from the server.

[Edit] I realize I managed to overlook your main concern, namely having access to a router / these packets I'm speaking of. As I said if you don't have access to these packets at all (i.e. you're a normal client joining a normal server), then you're fucked from the get go so there's no reason even discussing this. That's what makes this the interesting case, it is the only one where you can actually do something to determine someone else's ip.

Also your ability to DDoS someone increases the probability of being able to gain access to said routers by orders of magnitude.

1. I never mentiond tcp, so reply to jamero on that one.
2. The router case is my main point. this whole thread is a nona admin player asking how to get the ip. except in a clearly extremely unlikely case packet sniffing is a complete waste of time.
3. even if packet sniffing were an option, your new suggestion of watching the connection would require you deciding before the game that you wanted to ddos another player. even more unlikely.
4. even if all of the above flukely happens, and you capture data on a route between you and someone you never met before, then you are going to need to write some custom software to interprete the data given the complexity of the data going back and forth. You do know that the connect string hasnt been sent in plaintext since about 1.16, right? IIRC it is just huffman compression and an xor or sth, but good luck manually interpreting that.

all in all, im going to repeat the obvious. The simple answer of "wireshark" is clearly bs, and in all practical sneses, the answer is a straight "no". Jamerios suggestion of giving them a http://myserver.com/annakornikovaporn.jpg link for them to visit is far more likely to work than this far fetched bs you are coming up with.

If you're able to DDoS someone it's highly likely you're able to sniff their packets. Why? Because the ability to DDoS assumes a botnet of some kind. If you have a botnet, then that implies that you know how to get onto computers. This means that you could a) hack the server, or b) own everyone on irc's box. This was an implicit assumption I made which I thought was obvious. If you take this as obvious then your comment about a url becomes a duh. This, however, doesn't help you determine if that person is being smurfed for unless, again, you get that player's communication to the server, which I think was the original point of this thread.

I'm really not sure why you're so dead set against this as "impractical" when I said that it was in the first place. I will reiterate, however, that it is the only fucking interesting case out of this whole conversation, because the answer to anyone who has to ask this question is no.

You're an idiot.

Having a botnet means having the ability to post fake cracks/cheats on kazaa loaded with trojans, as I mentioned in another post, back when I used to be a faggot I had thousands of bots to play with, honestly the hardest part of running a botnet is finding an IRC server to put them on.

You swapped robots for cake :(

Cake is the only thing that gets rid of cockbreath.

Liam your argument makes no sense.

I say: "If you have a botnet, then that implies that you know how to get onto computers."

You say: "Having a botnet means having the ability to post fake cracks/cheats on kazaa loaded with trojans, as I mentioned in another post, back when I used to be a faggot I had thousands of bots to play with, honestly the hardest part of running a botnet is finding an IRC server to put them on."

So basically you know how to get onto computers, and you have a botnet. I'm not really sure why you're disagreeing with me.

How does it make it highly likely that you can sniff their packets though? I wouldn't say random stupid people running a virus you didn't create on their computers means you "know how to get onto computers" in the same way that I wouldn't say having sex with a retarded girl in a coma means you're "good at having sex with women"

The chance of convincing somebody who barely knows you to run an exe in a gaming environment is extremely slim.

If you're on their box, it's game over, you have access to not only every packet they send or receive, but also all of their running processes. This makes it very easy to determine if they're on a server or not.

Also as you said, http://random.website.with.bad.shit.us/omg.is.she.naked.mpg is a perfectly easy way to get onto a load of people's computers. Is it foolproof? No. Will it work in some instances? Given how freely most people click links on irc, absolutely.

Right that made no sense so I'm guessing we have crossed wires somewhere along the way. Let's just agree to degree.

KDAWG ALERT

That is an odd question

no

no

no

hi

no

well, maybe

yes

not really

you can ask him?

what's your ip adress?

apparently it's

192.168.2.21

NO WAY DUDE, I GOT THE SAME

CALLING THE COPS NOW!!!

AGHGHAGHAHGAHGAH

I remember packeting people with a botnet and how awesome I was, but then luckily I went to homorehab and was weinered off my cock addiction.

What about Smurf?

okej then case closed, now leave my thread.

52 replies although everything had been said after #5, gj esr