PC Terraria attempting to connect to 208.64.201.136:27030 at each startup. Why?

[Eggman2]

Hi folks,

As the title suggests, my copy of Terraria has begun to attempt connecting to 208.64.201.136:27030 every time I start it up. I believe this began in one of the recent, minor patches since 1.3. What is the game doing and how can I stop it?

Thanks,
Eggman

ps: for the sake of clarity, please don't respond unless you have good information. I really don't want my time to be wasted by people chiming in with, "why do you want to know?" type stuff. Thanks.

 

[critcodedtuna]

That's a Steam (Valve Software) network IP:

NetRange:  208.64.200.0 - 208.64.203.255
CIDR:  208.64.200.0/22
NetName:  VALVE-V4-1
NetHandle:  NET-208-64-200-0-1

Steam support reports 27030 as a potentially required port for Steam services.

Doing a packet inspection when I launch the game, I see a UDP connection to 162.254.193.46:27018, also a Valve IP address (probably geographically distributed). I figure it's probably just a DRM check and/or something to do with cloud synchronization. I'm fairly certain it's supposed to be happening, and there's no indication that anything detrimental or nefarious is going on.

 

[Eggman2]

Thanks for responding. Your information matches what I've found, but doesn't really help me stop this from happening nor explain why it is only happening as of latest patches. I have all cloud sync options disabled and I don't think it's DRM because 1) game would've also required it in the past and 2) the game functions 100% fine if the connection is blocked. As a general rule, if a network connection doesn't improve my experience I want to prevent it.

If anyone knows exactly what triggers this connection attempt or how to prevent it, I'd still like to know. Thank you.

Regards,
Egg

 

[critcodedtuna]

I decided to do a couple more tests, adding a wide-range UDP block rule for Terraria.exe, and doing additional captures. The conversation continued. Since Wireshark doesn't say a whole lot about the particular process generating the traffic, I did an extensive capture without Terraria running and saw that the conversation still occurs. Using the local port number, netstat -a -o -n indicates that the socket belongs to Steam.exe. (And for the record, I see the exact same sort of behavior on my Linux laptop with the Steam client running.)

So this appears to have absolutely nothing to do with Terraria and is some function of the Steam client and Valve's network. The behavior was probably the result of a Steam client update and is entirely coincidental to any Terraria updates. Since this traffic is neither created by Terraria nor specific to Terraria, I'd say this topic is probably out of scope for this support forum.

 

[Eggman2]

We must be looking at different network traffic, then, because this absolutely comes from the Terraria process. I would not have posted here if my issue were with Steam talking to Steam's servers. This is, like I said clearly in the first post, an attempt by Terraria to connect to the aforementioned address and port combination at startup. Maybe someone with deeper knowledge of Terraria's code and the changes in recent patches can chime in with an authoritative and useful answer.

 

[Marcus101RR]

Hi folks,

As the title suggests, my copy of Terraria has begun to attempt connecting to 208.64.201.136:27030 every time I start it up. I believe this began in one of the recent, minor patches since 1.3. What is the game doing and how can I stop it?

Thanks,
Eggman

ps: for the sake of clarity, please don't respond unless you have good information. I really don't want my time to be wasted by people chiming in with, "why do you want to know?" type stuff. Thanks.

My only questions are:

• Can you start Terraria?
• Are you able to play Single Player?
• Are you able to play Multiplayer?

Whatever IP bugs you, unless Terraria automatically goes to Join Multiplayer -> Inserts IP address without human interaction, I am curious to know why you care so much about this? If you have paranoia issues, my recommendation would be to stay off the internet... This a very strange question you are asking and completely out of context if it doesn't apply to the above 3 questions.

To answer the IP Question:

It belongs to the Steamworks system, which many games use when connecting players to matchmaking servers for Steam. Or in this case, when you host Terraria with Steam Multiplayer enabled. It most likely i used so that Friends on your list can join your game should they own the game as well.

NetRange: 208.64.200.0 - 208.64.203.255
CIDR: 208.64.200.0/22
NetName: VALVE-V4-1
NetHandle: NET-208-64-200-0-1
Parent: NET208 (NET-208-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS32590
Organization: Valve Corporation (VC-2)
RegDate: 2011-03-25
Updated: 2012-03-02
Ref: https://whois.arin.net/rest/net/NET-208-64-200-0-1

OrgName: Valve Corporation
OrgId: VC-2
Address: 10900 NE 4th St, Suite 500
City: Bellevue
StateProv: WA
PostalCode: 98004
Country: US
RegDate: 2010-11-12
Updated: 2010-11-12
Ref: https://whois.arin.net/rest/org/VC-2

OrgTechHandle: NGANM-ARIN
OrgTechName: Ngan, Milton
OrgTechPhone: +1-425-889-9642
OrgTechEmail:
OrgTechRef: https://whois.arin.net/rest/poc/NGANM-ARIN

OrgAbuseHandle: NGANM-ARIN
OrgAbuseName: Ngan, Milton
OrgAbusePhone: +1-425-889-9642
OrgAbuseEmail:
OrgAbuseRef: https://whois.arin.net/rest/poc/NGANM-ARIN

OrgNOCHandle: NGANM-ARIN
OrgNOCName: Ngan, Milton
OrgNOCPhone: +1-425-889-9642
OrgNOCEmail:
OrgNOCRef: https://whois.arin.net/rest/poc/NGANM-ARIN

Thanks for responding. Your information matches what I've found, but doesn't really help me stop this from happening nor explain why it is only happening as of latest patches. I have all cloud sync options disabled and I don't think it's DRM because 1) game would've also required it in the past and 2) the game functions 100% fine if the connection is blocked. As a general rule, if a network connection doesn't improve my experience I want to prevent it.

If anyone knows exactly what triggers this connection attempt or how to prevent it, I'd still like to know. Thank you.

Regards,
Egg

Refer to Windows Firewall and block Steam Connection.

Because Steam Achievements, Steam Sync, and Steam Friends (Steamworks) has been added to the game as of 1.3. You should ignore this and just play the game, you are at no security risk. However, if this is a problem, you can either invest in the GOG version of the game or you can use Windows Firewall to block Steam.

 

[Azu]

I am curious to know why you care so much about this?

Why can't he care about this? It wasn't showing up before one of the patches, is a strange occurrence, and goes unexplained unless you know specifically what the IP belongs to, so why can't he ask a question?

 

[Marcus101RR]

Thanks for responding. Your information matches what I've found, but doesn't really help me stop this from happening nor explain why it is only happening as of latest patches. I have all cloud sync options disabled and I don't think it's DRM because 1) game would've also required it in the past and 2) the game functions 100% fine if the connection is blocked. As a general rule, if a network connection doesn't improve my experience I want to prevent it.

If anyone knows exactly what triggers this connection attempt or how to prevent it, I'd still like to know. Thank you.

Regards,
Egg

Why can't he care about this? It wasn't showing up before one of the patches, is a strange occurrence, and goes unexplained unless you know specifically what the IP belongs to, so why can't he ask a question?

In common sense, almost everyone on here has a Steam Account, almost everyone on here surely has a few games on their account, and most likely most of those games are all Steam-based if not steamworks mutliplayer which in any case, this connection is seen. However, in order to see this connection physically, you would have to be eyeballing your Network. Which most normal users don't even know how to do, leaving speculation:

- You are extremely paranoid, and you know yourself around networking.
- You have a strange popup, error? Firewall notificaiton or network security error popup.

In any light, Steamworks is harmless and should not be needed for observation. You basically barking up the wrong tree cause its not gonna do anything other than render you from playing online and other steam features, which brings us to the point as to why "GOG" version exists in the first place.

 

[critcodedtuna]

Why can't he care about this?

Any user that concerned with micromanaging TCP/IP traffic should at least have somewhat better knowledge about diagnosing issues of this sort. Managing bodies and services like ICANN, IANA, DNS, and WHOIS exist for getting to the bottom of this. Doing a WHOIS lookup to confirm that it's a Valve address was the first thing I did.

It wasn't showing up before one of the patches,

Unqualified hearsay, actually. And was it a Terraria patch, or a Steam client patch? The last Terraria update was 1.3.1.1 on 31 May, nearly a whole month ago. So how recent is "recent"? Are we talking days, weeks, or months? In comparison, the most recent Steam client update was 15 June. It seems far more likely that he only just noticed the traffic for whatever reason and assigned causation where none exists. Based on the initial inquiry we know nothing about the discovery method, the protocol (TCP or UDP -- the difference is important), the analytic process, the firewall used to control traffic, or the method of remediation used for this probable non-problem. And based on the follow up replies, we still know nothing about any of this.

is a strange occurrence,

Also unqualified. I found analogous behavior with my Steam client intermittently talking to the Steam network, and I don't see anything about it that makes it particularly "strange". Likewise, I found absolutely no indication that Terraria.exe makes any remote connections on startup (using TCPView shows the process opening a grand total of zero sockets, inbound or outbound). I was even able to confirm that cloud synchronization is handled by Steam.exe (Terraria reads/writes a cache folder while running). I'm also fairly familiar with the game code and haven't found anything anywhere that substantiates the claim that Terraria is making unsolicited outgoing connections. The only part that appears to be even vaguely capable of doing something like that is the embedded Steamworks NET.dll, which has been the same version included since 1.3.0.2 (released 30 June 2015) -- which sort of goes against the whole "recent" claim.

and goes unexplained unless you know specifically what the IP belongs to,

Already addressed above and in previous posts.

so why can't he ask a question?

He's well within rights to ask a question. It would be an interesting question if it could be demonstrated that it's actually happening. If it's happening, it should be reproducible, and it's not -- or at least not in the way the question is stated. But the question doesn't get to exist in a vacuum and doesn't get immunity from inspection, criticism, or refutation. Now, if substantial proof of the claim arises, I'd be completely willing to follow that line of evidence to try to get to the bottom of it. But right now, "Yuh huh, because I said so!" isn't exactly actionable information.

 

[ManaUser]

Presumably you could stop it by uninstalling Steam and buying the GOG version instead.

 

[Marcus101RR]

Regardless, Any Steam game that uses Steamworks, Steam Sync, and achievements, will likely use a Steam IP connection to keep track of the protocol. It is reproduce able, I have it as well. Checked my Network connection list under Terraria.exe. Is it the same IP? Not always.

 

[Eggman2]

Please go away, Marcus. I tried to politely word my original post in such a way as to encourage posts from developers and exclude people with big mouths and small minds. I have a very good idea what you, specifically, do and do not know about the game and technical issues in general, and you are not going to be helpful here.

To everyone else, I am well aware that the address belongs to Valve. I don't care. If the game runs fine while this connection is blocked, then it is optional and I would like to find out more about why it is attempting to make network connections unbidden. I don't really appreciate the idle speculation and "it's OK because it's Valve, so ignore it" isn't what I'm looking for, either. If you can't contribute, please don't clutter the thread.

Thanks kindly,
Egg

 

[Xylia]

Please go away, Marcus. I tried to politely word my original post in such a way as to encourage posts from developers and exclude people with big mouths and small minds. I have a very good idea what you, specifically, do and do not know about the game and technical issues in general, and you are not going to be helpful here.

To everyone else, I am well aware that the address belongs to Valve. I don't care. If the game runs fine while this connection is blocked, then it is optional and I would like to find out more about why it is attempting to make network connections unbidden. I don't really appreciate the idle speculation and "it's OK because it's Valve, so ignore it" isn't what I'm looking for, either. If you can't contribute, please don't clutter the thread.

Thanks kindly,
Egg

Hey now, no need for the hostility.

Your question was already answered: Any game that has Steam Matchmaking probably uses this connection to "broadcast" game availability to Steam Friendlist so that people can join your games. When you start the game up, the game opens a connection and keeps it open during the session in case you host a Steam Multiplayer game and/or to let Steam know whether or not your game is open to join. That way, when someone on your friendlist right-clicks your name, Steam will know whether or not you are currently hosting a game so that it can tell the person right-clicking your name whether or not they can join. If you start a Singleplayer game, Or join someone else's game, Steam needs to know the answer is "No", therefore the connection remaining open during the play session.

This was most likely implemented during 1.3.0, back in June 2015 when Steam Multiplayer was introduced. You probably just didn't notice it back then. That, or Re-Logic decided that they would try to fix the "Joining Server...." Bug, maybe? I know I've seen that bug a few times (but I haven't tried hosting since before 1.3.1).

Either way, the hostility and telling people to "go away" is not appropriate for this forum, especially not when they answered your question adequately. It's a Valve IP, you've confirmed it yourself, it's harmless, it sends and receives very little if any traffic and it is not malicious whatsoever.

IMO, I'd recommend this thread for lock as the question has been answered.

 

[Marcus101RR]

Please go away, Marcus. I tried to politely word my original post in such a way as to encourage posts from developers and exclude people with big mouths and small minds. I have a very good idea what you, specifically, do and do not know about the game and technical issues in general, and you are not going to be helpful here.

To everyone else, I am well aware that the address belongs to Valve. I don't care. If the game runs fine while this connection is blocked, then it is optional and I would like to find out more about why it is attempting to make network connections unbidden. I don't really appreciate the idle speculation and "it's OK because it's Valve, so ignore it" isn't what I'm looking for, either. If you can't contribute, please don't clutter the thread.

Thanks kindly,
Egg

This is personal preference, although, this question was already answered on Steam Community forums numerous times. Everything has its consequences if you block those connections, that is a personal choice in your part, but it is also your job to figure out how to do it as there this no longer pertains to Terraria itself.

A reminder to those from Steam, by downloading games you are accepting the Terms and Conditions of your subscriptions. To put this bluntly, nothing is forbidden. It is not making any connections without your consent, you allowed this when you knew what you were getting.

You are just asking for trouble at this time and not accepting the answers. This is not a Terraria issue, this question should better suit you in this department, by contacting Steam Support.

I would recommend you take this to Steam if you have further issues.

Surely requesting lock so no more flames come into mind.

 

[Eggman2]

I worried when I created this thread that I would get exactly the kind of responses that I have. To wit: if I were willing to make plausible assumptions about what was going on and accept them blindly, I would not have attempted to reach out to the Redigit crew for information. I intentionally kept my reasons for desiring the information vague because I didn't want to get embroiled in debates over security or paranoia or whatever. I am not trying to preach security to anyone and don't think it is too much to ask to be treated in kind. Further, I'm astonished at the number of people that have felt compelled to chime in without having anything to offer with regard to my inquiry. Evidently, it was a mistake to reach out using this forum.

 

[Jeckel]

There is no need to tell people to go away, on either side. By the same token, if you are just going to tell the person the reasons why they shouldn't have asked the question, then kindly refrain from posting. This was a simple request for information and why the information is being request, paranoia, curiosity, or otherwise, is irrelevant beyond how it might possible bare on answering the question. There is no reason this should have turned into any sort of fight and that will stop right now.

As it stands, Eggman2, I believe that critcodedtuna's posts answer your question about as thoroughly as it will be answered. I also have some familiarity with the source code, though I'm sure not to the same level, and any connections being made to steam servers will be done through the steam client as Terraria making such connections on its own would cause differences with the GOG version that I have not come across.

 

[whismerhill]

I also have some familiarity with the source code, though I'm sure not to the same level, and any connections being made to steam servers will be done through the steam client as Terraria making such connections on its own would cause differences with the GOG version that I have not come across.

I know this is an old thread, but I still felt the need to chime in with a small bit of actual data :
my firewall is tightly handled, any application need to have the right to "speak out" & "hear in" (sending & recieving)
today my firewall popped up with terraria server connecting to that same IP. which it didn't do the previous 8 or so restarts of the same server. No idea what it was and due to how my firewall doesn't "pause" data requests and acts only AFTER (meaning for example, it blocks data, then warn me about it, I can then allow the piece of software, but then I'll probably have to retry or relaunch the software in question, unless the software retries on its own)
I'm not worried at all about this, but I got curious since the server is working just fine since a while, and suddenly this pops up xD
particularly since friends have been connecting to the server without problems.

Sorry for necroing.