[neilv]

This method even worked for Wiresharking all PS3 traffic in real time for a GTA Online session, running the tcpdump on a little plastic old mipsel SoC OpenWrt router that was also doing all the routing (not a passive sniffing box), without noticeable effect on gameplay. (I was trying to detect cheaters.)

BTW, for anyone new to tcpdump, you can also specify selectors/filtering on the command line, to reduce the traffic. The filtering in Wireshark is on top of that.

[kayoone]

online games are pretty low volume though, data is usually transmitted at a few Kbps per player. Just out of interest, how did you try to spot cheaters doing that?

[kodisha]

Not quite in their interest to publicly explain methods of how they detect cheaters :)

It's one of best guarded secrets in gaming industry.

[kayoone]

OP does not sound like he was actually working for Rockstar on GTA, more like a hobby project

[neilv]

Correct, not working for Rockstar. And I'm pretty sure R* stopped caring about cheaters ruining Online for last-gen console, shortly after that could push people to buy the game again, for current-gen. :)

[stjohnswarts]

Wouldn't they just cheat with some of the common methods and train some AI with the packet dumps to spot it?

[Something1234]

Perhaps he was looking for an abnormal amount of traffic, attempting to resend the same message, and hoping the server will do it multiple times in the same frame. I would guess trying to find spots where the client is overly trusted.

[gsich]

Game traffic is usually encrypted. How good depends on the game. So you might only see some packets with a larger payload and deduce stuff from there.