Source: TesterHome Community

1. What Is a Game Protocol?

A game protocol serves as the core rule set for data communication between game clients and servers in online games.

2. How Games Transmit and Receive Protocol Packets

When a player triggers an in-game action such as clicking a button, the client will encapsulate user requests and corresponding parameters into a standard network packet following predefined rules, then deliver the packet to the server.

The server receives and parses the incoming packet to identify the specific action and parameters. It processes data according to built-in game logic, and returns the processing result in a new network packet. The client finally parses the returned data and presents content to players on the interface.

Two key points to note during data transmission:

• The server will discard and ignore all invalid request packets.
• The server can actively push packets to clients, for example, notifications for upcoming scheduled in-game events.

3. Common Network Protocols for Games

3.1 TCP (Transmission Control Protocol)

TCP is adopted by the majority of online games. It fits game scenarios that do not require ultra-low latency and can tolerate minor network delays.

Advantages

• Connection-oriented transmission with one-to-one communication, similar to a phone call
• High reliability to guarantee complete data delivery
• Data is transmitted in a fixed order
• Supports large-volume data transmission via stream mode
• Mature and easy to deploy

Disadvantages

• Consumes more system resources
• Requires relatively complex program architecture
• Causes noticeable latency during packet retransmission

3.2 UDP (User Datagram Protocol)

UDP is the preferred protocol for real-time competitive games including MOBA and FPS titles, as it effectively reduces transmission latency.

Advantages

• Fast data transmission speed
• Low resource consumption
• Simple structural design
• Supports one-to-one, one-to-many and many-to-many communication modes

Disadvantages

• Unreliable transmission with potential packet loss
• No guarantee for data delivery order
• Limited single packet data capacity
• Usually requires secondary custom development to optimize real-time performance

3.3 WebSocket

WebSocket is an application-layer protocol developed based on HTML5, which is widely applied to H5 games and WeChat Mini Games.

• Socket is a low-level encapsulation of TCP/IP rather than an independent protocol, while WebSocket comes with complete standard application programming interfaces.
• WebSocket establishes a stable TCP data channel between client and server through an HTTP handshake for subsequent data transmission.

Note: If you are not developing automated test bots, focus your work on server-side parameter verification instead of digging into underlying protocol implementation details.

4. Standard Structure of Game Protocol Packets

Most Socket-based game network packets follow a fixed structure. The exact fields may vary across different game projects, so always confirm details with development teams. A complete packet generally includes the following parts:

• Packet Length: The total byte size of the entire packet, used to check packet integrity.
• Protocol ID: A unique identification number that corresponds to a specific in-game action.
• Verification Code: A validation mechanism to check the legitimacy of packets between client and server.
• Protocol Parameters: Core business data for the triggered action. Supported data types include int, string, list and custom objects. Refer to the official protocol documentation for specific rules.

Important Reminder for TCP Transmission

TCP works in stream mode, which may lead to packet sticking — multiple independent packets are merged into one data stream. Developers use the Packet Length field to split the combined stream and extract complete single packets.

5. The Importance of Game Protocol Testing

Many access restrictions in games are only implemented on the client side. For instance, the client will block purchase requests and pop up an “Insufficient Funds” prompt when a player does not have enough in-game currency.

However, client-side restrictions only block operations on the local interface. They cannot prevent forged or repeated malicious packets from being sent to the server. Without strict server-side validation, attackers may exploit vulnerabilities to:

• Forge purchase packets to acquire items with zero in-game currency.
• Resend packets repeatedly during network congestion to duplicate in-game rewards or currency.

The core objective of protocol testing is to fully verify the accuracy and security of server-side business logic.

6. Packet Capture and Packet Injection

6.1 Packet Capture

Protocol analysis relies on monitoring data traffic between clients and servers to capture real network packets.

Commonly used capture tools:

• WPE (Dedicated for game packet capture)
• Fiddler
• Wireshark

6.2 Packet Injection

We take WPE as an example to illustrate the packet injection process:

1. Capture a target network packet.
2. Right-click the packet, select Send, and modify internal parameters.
3. Execute the send command to deliver the forged packet to the server.

Alternative testing methods:

• Development teams usually provide GM command interfaces for protocol testing.
• Custom testing tools are highly recommended. WPE has poor content readability, and GM commands are inefficient for batch testing.

7. Practical Methods for Protocol Analysis

Testing priorities should be placed on packets sent from clients to servers. Packets returned by the server only affect local interface display and will not change core server data.

The core testing idea is to bypass preset business prerequisites. In other words, send valid standard packets when the corresponding access conditions are not met. The typical test scenarios are listed below:

1. Unqualified character level: Test level-locked functions with a character below the required level.
2. Invalid time period: Access time-limited features outside the available time window.
3. Insufficient currency or attempts: Trigger purchase or gameplay requests without enough currency or remaining attempts, including dungeon challenges and other consumable gameplay.
4. Exceeded claim limit: Attempt to claim one-time rewards such as daily event rewards after collection.
5. Missing preconditions: Claim exclusive guild rewards without joining any guild.
6. Out-of-range parameters: Input values beyond the specified range, for example, entering 0 or 8 for a 7-day login reward parameter.
7. Violate special restrictions: Trigger distance-limited interactions, such as interacting with NPCs outside the effective range.

8. Protocol Test Case Design

There is no rigid standard format for protocol test cases. A qualified test case must clearly record protocol information as well as valid and invalid test conditions. You can refer to the template below:

9. Additional Optimization and Inspection Points

Apart from verifying the correctness of single packets, you also need to evaluate protocol efficiency and redundant content. These factors directly affect user experience and game performance.

• Remove invalid and redundant packets.
• Delete unnecessary parameters to reduce bandwidth consumption and improve data transmission speed.

If related rules are not covered by backend validation, add the following inspection items:

• Negative value test: Replace numeric parameters with negative values for verification.
• Incomplete packet test: Delete partial packet fields to test server stability and anti-attack capability.