Running the tracert command on Halo Infinite’s servers

I’ve always been fascinated by networking, and diving into the fundamentals of IT academically only took that need to know further. It turns out games have been a great way of going hands-on thanks to the incredibly powerful Wireshark (a free and open-source packet sniffing application). Poking around at multiplayer games has been an awesome way to see how things play out in real time.

Most recently, following the path between my PC and a game’s servers with the tracert command has been a great way of understanding more about real-world networking practices. The tracert command uses the Internet Control Message Protocol (ICMP) – a diagnostic protocol of the network layer – to map out each stop from your computer to an endpoint designated by you (IP address or domain name).

[Screenshot: tracert output for the Halo Infinite server]

The cool thing about the tracert command is that it tells you the Round Trip Time (RTT) or ping for each stop along the path. You’ll also get a sense of Microsoft’s line of defense against DDoS attacks. To my understanding, ICMP does not require authentication since it is a connectionless protocol, and this makes it an option for those wanting to overwhelm external servers.

Because of this, I can only assume the tracert command stopped at what would be considered the network edge of Microsoft’s Azure servers. The IP address of the server for the Bot Bootcamp match I captured with Wireshark was located around Boydton, Virginia (20.10.207.190). This is most likely the Azure East US 2 data center, as the latency of the match lined up with the in-game ping reporting for East US 2 in The Master Chief Collection.

The last stop or hop of the tracert also landed in Boydton, Virginia (104.44.20.136). And once it got there…I hit a brick wall. It was really, really cool to see happen in real time because it’s in line with what Microsoft describes on their Azure DDoS Protection page. Halo Infinite must authenticate each player when initially connecting to the servers in-game. But I do wonder if spoofing the state of a loaded application is just one of the many ways attackers go on to overwhelm servers with something like the ICMP protocol.
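The per-hop RTT and the "brick wall" of timeouts described above are easy to pull out of saved tracert output programmatically. The following is an added example, not code from the original post: a small Python parser for Windows tracert output that computes the average RTT per hop, finds the last hop that answered, and counts the run of unanswered hops at the end of the trace. The sample output is constructed; the 192.168.1.1, 198.51.100.1 and 203.0.113.7 hops are placeholder addresses from private and RFC 5737 documentation ranges, while 104.44.20.136 and 20.10.207.190 are the addresses mentioned in the post. The real trace kept timing out up to the hop limit; the sample keeps only three of those hops.

```python
import re
from dataclasses import dataclass
from pprint import pprint
from statistics import mean
from typing import List, Optional, Tuple

# Constructed tracert output (not a real capture). Transit hops use documentation
# addresses; 104.44.20.136 and 20.10.207.190 are the addresses from the post.
SAMPLE_TRACERT = """\
Tracing route to 20.10.207.190 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    11 ms    12 ms    11 ms  198.51.100.1
  3    18 ms    17 ms    19 ms  203.0.113.7
  4     *        *        *     Request timed out.
  5    24 ms    23 ms    25 ms  104.44.20.136
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.

Trace complete.
"""

# Header: "Tracing route to NAME [IP] over a maximum of N hops" (the [IP] part only
# appears when a host name was given and resolved).
HEADER_RE = re.compile(r"Tracing route to (\S+)(?: \[(\S+)\])? over a maximum of (\d+) hops")
RTT = r"(<?\d+ ms|\*)"
HOP_RE = re.compile(rf"^\s*(\d+)\s+{RTT}\s+{RTT}\s+{RTT}\s+(.+?)\s*$")


@dataclass
class Hop:
    number: int
    rtts: List[Optional[int]]   # milliseconds per probe; None means no reply ("*")
    address: Optional[str]      # None when every probe of this hop timed out

    @property
    def responded(self) -> bool:
        return any(r is not None for r in self.rtts)

    @property
    def avg_rtt(self) -> Optional[float]:
        replies = [r for r in self.rtts if r is not None]
        return mean(replies) if replies else None


def _parse_rtt(token: str) -> Optional[int]:
    """'12 ms' -> 12, '<1 ms' -> 1 (an upper bound), '*' -> None."""
    if token == "*":
        return None
    return int(token.replace("<", "").split()[0])


def parse_tracert(text: str) -> Tuple[str, int, List[Hop]]:
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("input does not look like tracert output")
    target = header.group(2) or header.group(1)
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [_parse_rtt(t) for t in m.group(2, 3, 4)]
        label = m.group(5)
        if label.startswith("Request timed out"):
            address = None
        else:
            bracketed = re.search(r"\[(\S+)\]", label)  # "name [ip]" form
            address = bracketed.group(1) if bracketed else label
        hops.append(Hop(int(m.group(1)), rtts, address))
    return target, int(header.group(3)), hops


def last_responding_hop(hops: List[Hop]) -> Optional[Hop]:
    responders = [h for h in hops if h.responded]
    return responders[-1] if responders else None


def trailing_timeouts(hops: List[Hop]) -> int:
    """Number of consecutive all-timeout hops at the end of the trace."""
    count = 0
    for hop in reversed(hops):
        if hop.responded:
            break
        count += 1
    return count


def summarize(text: str) -> dict:
    target, max_hops, hops = parse_tracert(text)
    last = last_responding_hop(hops)
    return {
        "target": target,
        "max_hops": max_hops,
        "reached_target": last is not None and last.address == target,
        "last_responding_hop": last.number if last else None,
        "last_responding_address": last.address if last else None,
        "last_responding_avg_rtt_ms": last.avg_rtt if last else None,
        "trailing_timeouts": trailing_timeouts(hops),
        "per_hop_avg_rtt_ms": {h.number: h.avg_rtt for h in hops},
    }


if __name__ == "__main__":
    pprint(summarize(SAMPLE_TRACERT))
```

Two things to keep in mind when reading the summary: a single timed-out hop in the middle of a path (hop 4 in the sample) usually just means that one router does not send ICMP Time Exceeded replies, not that anything is blocked, and a run of timeouts after the last responder only shows that nothing past that point answered; it is consistent with edge filtering of ICMP like the post describes, but the trace alone cannot tell filtering apart from rate limiting or from devices that simply do not reply. Redirect `tracert` to a file and pass its contents to `summarize` to run this against a real trace.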
