RealPlayer
RealPlayer allows you to view "streaming" video and audio from the
Internet without waiting for it to download. RealPlayer is easy to
configure if you use one of its preconfigured proxies (see Figure
20.5). Unfortunately, most networks don't have a "RealPlayer PNA
proxy" or a "RealPlayer RTSP proxy." Unless your business relies
heavily on audio and video from the Web, it's very unlikely that
management has decided to install such proxy servers.
Figure 20.5 RealPlayer works best with its own proxies, but it does
support an HTTP application proxy as well.
An HTTP proxy is supported, and this is how you'll want to go if you
have an HTTP proxy. However, I'm frequently asked how to configure
RealPlayer for use over an "outgoing-only" socks 4 or 5 proxy server.
Here's the scoop: For some reason, RealPlayer will not work with NEC's
SocksCap32; either RealPlayer is using 16-bit network functionality or
it works some nonstandard black magic with TCP/IP.
How do I know that it doesn't work with the NEC client? I ran
RealPlayer through the NEC socks client, and while it tried to
connect, I ran netstat -a in a DOS window. I saw that RealPlayer was
trying to directly contact the host on the Internet, because I saw a
foreign IP address and a SYN_SENT socket state. (See Hour 18 for
socket state details.) Had it talked properly to the NEC client, I
would have seen a socket to my socks server in the ESTABLISHED state,
or at worst, CLOSE_WAIT or TIME_WAIT. This would have told me that my
problem was not with the client software.
In any event, RealPlayer will work using the Hummingbird socks client.
You'll still have to do some RealPlayer configuration, however. Socks
4 does not support UDP, and some socks 5 servers are not configured
for any incoming connections at all. To get RealPlayer to work without
touching your proxy server, you'll want to configure RealPlayer to use
TCP connections only. You sacrifice some speed by doing this (TCP
connections are slower than UDP connections), but who cares? See Figure
20.6 for the proper setup to make RealPlayer only use TCP connections.
Figure 20.6 Sometimes you'll need to specify TCP-only connections for
RealPlayer to work through a firewall.
Game Strategy
Some games are very well behaved. For example, Origin's Ultima Online
is extremely proxy friendly. It uses TCP connections only, and it
initiates the connection from the workstation, that is, from inside
your network. As such, it will run from the NEC or Hummingbird socks
launcher or through a packet-filtering firewall without a problem. I
really like network toys that work like this: no muss, no fuss, no
problem!
Other games, such as Blizzard's StarCraft and Diablo, want you to open
up incoming UDP and TCP sockets on your firewall. (All of Blizzard's
Battle.Net games use TCP and UDP port 6112.) Again, they will not work
on an "outgoing-only" firewall or a proxy server; they require
incoming access to your network. Although I'm a huge StarCraft fan,
I'm not a huge fan of opening up incoming ports on a firewall to allow
game play. You've got to draw the line somewhere, I suppose.
Of course, there are other things that will keep your network toys
from working; don't forget basic black box troubleshooting strategies.
In particular, you'll want to monitor system resources (some of these
toys are resource hogs) and check, as we did in Hour 18, whether the
server on the other side of the Internet is "listening" for
connections. If you're able to telnet to the TCP port that a
particular game uses (and TCP is the only thing it's trying to use),
it's extremely unlikely that your firewall is interfering with the
operation.
Summary
You can practice your network troubleshooting skills and create
goodwill with your network users all at the same time. Network toys
such as chat programs, streaming video and audio, and games are loads
of fun to use on your network, but they are usually designed for home
use or for a specific corporate customer. To successfully use these,
you'll either need to enable their built-in proxy support, add an
external client for proxy support, or fix your firewall to allow their
socket numbers to pass through unmolested.
If your company policy allows incoming connections, it's a simple
matter to add additional ports to your firewall configuration.
Nonetheless, I personally hate adding incoming ports merely for
network play, because it's "unnecessary" diddling with a very
important piece of network security equipment. You should think twice
about doing this!
Workshop
Q&A
Q How do I figure out which port a specific game or toy uses?
A I'd be very surprised if the vendor didn't tell you. Still, some
don't. You'll want to do the "difference" trick again to find out
which port your Net toy uses. Dial into your personal Internet
account, and type the following:
netstat -a > before.txt
Then run the game, stay connected, get back to a DOS prompt, and type
this:
netstat -a > after.txt
fc before.txt after.txt
You'll be rewarded with the socket number(s) that your game uses. This
method has two drawbacks: UDP ports won't show up this way, because
there is no "connection." Also, you have no idea whether there's a
different TCP connection used at login versus during gameplay.
If you must know exactly which ports your game uses, check out Hour 21,
"Tell Me About Your Network: Network Analyzers," and use a network
analyzer to capture the packets of a game session. You'll have to do
this from your DMZ, unless you have a serial (dial-up) analyzer. At
this point, you should ask yourself whether you really want to play
that badly.
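The "difference" trick above and the netstat check from the RealPlayer section can be combined in one script: diff two netstat -a snapshots, then sort each new TCP socket by whether it goes to the socks server or straight to an Internet host. This is an added example, not code from the book; the socks server address 10.1.1.5:1080, the workstation address, the remote host, and the netstat text are all constructed, and only TCP rows are examined.

```python
# Added example, not from the book. All addresses and netstat text are constructed.
SOCKS_SERVER = "10.1.1.5:1080"  # assumption: your socks server's address:port

BEFORE = """\
  Proto  Local Address     Foreign Address    State
  TCP    10.1.1.20:135     0.0.0.0:0          LISTENING
  TCP    10.1.1.20:1027    10.1.1.5:1080      ESTABLISHED
"""
AFTER = BEFORE + """\
  TCP    10.1.1.20:1041    10.1.1.5:1080      ESTABLISHED
  TCP    10.1.1.20:1042    192.0.2.44:7070    SYN_SENT
  TCP    10.1.1.20:6112    0.0.0.0:0          LISTENING
"""

def parse(text):
    """Return the TCP rows of `netstat -a` output as (local, foreign, state)."""
    rows = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP":
            rows.add(tuple(fields[1:]))
    return rows

def new_sockets(before, after):
    """The "difference" trick: sockets present only in the second snapshot."""
    return sorted(parse(after) - parse(before))

def classify(sock, socks_server=SOCKS_SERVER):
    local, foreign, state = sock
    if state == "LISTENING":
        return "listener"        # program is waiting for incoming connections
    if foreign == socks_server:
        return "via-socks"       # the socks client is carrying this connection
    if state == "SYN_SENT":
        return "direct-attempt"  # going straight to the Internet host, unanswered
    return "direct"

def report(before, after):
    """Label every socket that appeared between the two snapshots."""
    return [(classify(s),) + s for s in new_sockets(before, after)]

if __name__ == "__main__":
    for kind, local, foreign, state in report(BEFORE, AFTER):
        print(f"{kind:15} {local:17} {foreign:17} {state}")
```

A direct-attempt row is the SYN_SENT symptom described for RealPlayer under the NEC client; a new listener row means the program expects incoming connections, which an outgoing-only firewall will not pass.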
Quiz
1. You can find the address of your proxy server by checking the
________________ while using a functional browser.
A. socket pocket
B. socket list
C. route list
D. route rocket
2. True or false? The Hummingbird socks client (versus the NEC
socks client) applies to all applications that are run on the
workstation on which it is installed.
3. We used an nslookup command to list all entries in a
company's DNS zone. What was that command?
A. netstat -rn company.com
B. ls -la company.com
C. ls -d company.com
D. netstat -d company.com
4. An application can be configured to use UDP or TCP
connections. In order to use this application with an
outgoing-only firewall, you would have to configure the
application to do what?
A. Use TCP connections only
B. Use UDP connections only
C. Use both UDP and TCP connections
D. Use neither UDP nor TCP connections
Answers to Quiz Questions
1. B
2. True
3. C
4. A