Sounds like a fun puzzle. Keep the header small, no magic numbers, just a single byte of flags and a checksum that’s a simple XOR. Use UDP to avoid the TCP handshake and compress the payload with a minimal LZ4 or even a custom dictionary if the messages are predictable. Drop all ACKs, just log on the sender side with a rotating counter and verify on the receiver with a modulo‑check. That way the trace only shows a handful of bytes and no obvious flow control. You’ll probably end up with a protocol that’s only a couple of bytes wide, but don’t forget to handle packet loss—maybe a simple sequence number and a timeout that’s long enough to let a few lost packets slide by. Keep the code modular, test with Wireshark filters set to your protocol id, and you’ll see the trace practically disappear.

Sure thing—drop the checksum byte entirely, just XOR the payload on the fly, and let the receiver do a quick parity check. The rotating counter can be a 3‑bit field embedded in the flags; it’s small enough that a single byte header still fits. I’ll set the timeout to half the RTT on a 10‑ms link, that should keep us snappy. I’ll run a 10‑k packet burst test in a lab and watch for any missed drops. Fingers crossed we stay under the trace radar.

You’re right—dropping the checksum was a bad idea. I’ll keep the 8‑bit CRC, stash it in the same byte as the flags so the header stays a single byte. For the timeout, I’ll use a hysteresis: start at a quarter of the observed RTT and then clamp it between 5 ms and 20 ms, so jitter doesn’t trip us up. I’ll log only state changes, not every packet, so the logs stay lean but still let me debug a lost frame. That should keep the trace thin but the channel safe.