by chippy 4509 days ago
Stronger evidence from reddit comments:

http://www.reddit.com/r/technology/comments/1y4za5/steams_va...

" Yes, with some simple wireshark analysis you can see it is being sent back.

Use wireshark, join a local TF2 server, try and isolate the VAC IP address (they are not static, but use rDNS & whois the IP). Go by process of elimination. Happy to give you pointers if anyone is interested.

Use wireshark and monitor the SSL communications of VAC for the first minute. Record the total size of outgoing packets (for me, I got 1.94 MB and 1.88 MB on my two tries -- the first time you join a VAC server and when modules update it's likely to be higher as it downloads its modules).

note: Keep everything else constant - like what windows you have open, what processes you have running, etc.

Bloat your DNS cache. (What I did was edit my hosts file, used a script to add over 20k hosts [careful: this actually crashed notepad when I tried to read it])

Repeat step 1 and 2. I got 2.47 MB and 2.58 MB on two tries (first min of outgoing packets). This increase seems to be twice the amount 20k MD5 hashes would take. Maybe a bug is causing it to be sent twice?

Clear your hosts file, flush dns cache. Repeat step 1 and 2 again. I got 1.99 MB."

2 comments

I'm pretty sure this is done to combat cheating. Seems pretty clear cut to me. They likely don't want to do the domain check locally, because then the cheaters would know the hosts that are banned.
The intent doesn't matter. It's still reporting essentially your browsing history to them. Especially bad because the cheaters have caught on almost immediately (even worse that it's the only reason it's come to light that it is happening).
You may well be right, but that's a crummy reason. They could have implemented that feature in a way that protects privacy with a little thought.

Look at how the Safe Browsing API accomplishes the same task: https://code.google.com/p/google-safe-browsing/wiki/SafeBrow...
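The hash-prefix lookup the Safe Browsing API uses, sketched as an added Python example (not code from this thread, from Valve or from Google); the blocklist and the cached host names are constructed. The client downloads only short hash prefixes, compares its own cache against them locally, and contacts the server only on a prefix hit, so the server never sees a plaintext host name or a full hash of an unflagged host.

```python
import hashlib

PREFIX_LEN = 4  # bytes; Safe Browsing's update API also works on 4-byte prefixes


def full_hash(host: str) -> bytes:
    """Canonicalise the host (lowercase, no trailing dot) and hash it."""
    return hashlib.sha256(host.lower().strip(".").encode()).digest()


class BlocklistServer:
    """Holds full hashes of blocked hosts; only ever learns a prefix from a client."""

    def __init__(self, blocked_hosts):
        self.full = {full_hash(h) for h in blocked_hosts}
        self.prefixes = {h[:PREFIX_LEN] for h in self.full}
        self.queries = []  # everything the server observes from clients

    def prefix_list(self):
        """Bulk download: prefixes only, shipped once (like a module update)."""
        return set(self.prefixes)

    def full_hashes_for(self, prefix: bytes):
        """Full-hash request: answers for one prefix, records what was seen."""
        self.queries.append(prefix)
        return {h for h in self.full if h.startswith(prefix)}


class Client:
    def __init__(self, server: BlocklistServer):
        self.server = server
        self.local_prefixes = server.prefix_list()

    def is_blocked(self, host: str) -> bool:
        h = full_hash(host)
        prefix = h[:PREFIX_LEN]
        if prefix not in self.local_prefixes:
            return False  # most hosts: decided locally, no traffic at all
        # Prefix hit (real match or a 1-in-2^32 collision): fetch the full
        # hashes for that prefix and compare locally, sending only 4 bytes.
        return h in self.server.full_hashes_for(prefix)


def check_cache(client: Client, cached_hosts):
    """Classify every entry of a local DNS/hosts cache without uploading it."""
    return {host: client.is_blocked(host) for host in cached_hosts}
```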

Wouldn't it be possible to MitM the SSL traffic by using a self signed certificate? Does Steam use its own CA list or does it use the one from Windows?