Comment by Sakura-sx
It's done by checking the difference between the initial TCP RTT and the subsequent TCP RTTs, both of which can be retrieved from the Linux kernel easily without the need for PCAPing. There is more info about how it is done in the README.
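The comparison described in the comment above, as an added example that is not code from the commenter or the project: it reads the kernel's RTT estimate for an accepted socket through `TCP_INFO` and subtracts the first reading from the median of later ones. The function names, the use of `tcpi_rtt` read right after `accept()` as the "initial" RTT, and the median are assumptions of this sketch.

```python
import socket
import statistics
import struct

# struct tcp_info (linux/tcp.h): 8 one-byte fields, then 15 u32 fields, then
# tcpi_rtt, the kernel's smoothed RTT estimate in microseconds.
TCPI_RTT_OFFSET = 8 + 15 * 4


def parse_rtt_us(tcp_info: bytes) -> int:
    """Extract tcpi_rtt from a raw TCP_INFO buffer."""
    if len(tcp_info) < TCPI_RTT_OFFSET + 4:
        raise ValueError("TCP_INFO buffer too short to contain tcpi_rtt")
    return struct.unpack_from("=I", tcp_info, TCPI_RTT_OFFSET)[0]


def read_rtt_us(conn: socket.socket) -> int:
    """Ask the kernel for the connection's current RTT (Linux only)."""
    return parse_rtt_us(conn.getsockopt(socket.IPPROTO_TCP, socket.TCP_INFO, 256))


def rtt_delta_us(initial_us: int, later_us: list) -> int:
    """Median of the later readings minus the initial one; the median keeps a
    single delayed ACK or retransmit from dominating the result."""
    if not later_us:
        raise ValueError("need at least one later RTT reading")
    return int(statistics.median(later_us)) - initial_us


if __name__ == "__main__":
    # Constructed loopback demo: expect a delta near zero.
    srv = socket.create_server(("127.0.0.1", 0))
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    initial = read_rtt_us(conn)  # assumed: only the handshake has been timed so far
    later = []
    for _ in range(5):
        conn.sendall(b"ping")    # server data that the client must ACK
        cli.recv(16)
        cli.sendall(b"pong")     # the ACK rides on the client's reply
        conn.recv(16)
        later.append(read_rtt_us(conn))
    print("initial:", initial, "us; later:", later, "delta:", rtt_delta_us(initial, later))
    for s in (conn, cli, srv):
        s.close()
```

Because `tcpi_rtt` is a smoothed value, later readings move toward new samples gradually rather than reporting each round trip exactly.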