I am doing a project investigating the Discord Application with Wireshark. One question that I wanted to check was if sent message traffic behaved differently in large volumes. Spam basically.
The results from Wireshark showed an unexpected result when we started to spam a chat. The current TCP connection would be replaced by another one or complemented by another one. While in normal conversation it remained static.
Meaning: The conversation used say port 64950 the whole time till we started to spam and a new port was established and traffic sent there instead. It would then go back to the old port which remained connected.
Also the difference between how many packets the Sender transmitted relative to how many the receiver received changed. Expect the new port package the data more efficiently
Meaning: Normal 10 packets (sender) -> server -> 7 packets (receiver)
Spam: 2500 packets (sender) -> server -> 200 packets (receiver)
I am just wondering if anyone knows a name for the technique of TCP port switch during spam for further reading. I am stuck. Expect it is to prevent TCP Attacks. Also, Discord seems to use Cloudflare if it is of relevance.
Grateful for any guidance, thanks!
No comments:
Post a Comment