Most recent edit on 2007-02-07 17:09:12 by MatthewToseland
Additions:
See TrafficFlowAnalysis.
Deletions:
Edited on 2007-02-07 17:08:30 by MatthewToseland
Deletions:
Traffic Flow Analysis
Traffic flow analysis is the process of analysing network traffic, not looking for specific bytes in the payload of a packet to identify a protocol, but looking for longer term patterns that can identify nodes. For example, a node will typically have long-lived UDP connections to a small, and largely fixed, number of other nodes.
Paper about how this is depressingly easy: here∞.
Note that it may in fact be a little harder than is described above; all high end routers can output the records required, but analysis would probably have to be done on a separate computer, which may have to be fairly powerful, or the routers may have performance issues.
Oldest known version of this page was edited on 2007-02-07 17:02:57 by MatthewToseland []
Page view:
Traffic Flow Analysis
Traffic flow analysis is the process of analysing network traffic, not looking for specific bytes in the payload of a packet to identify a protocol, but looking for longer term patterns that can identify nodes. For example, a node will typically have long-lived UDP connections to a small, and largely fixed, number of other nodes.
Paper about how this is depressingly easy:
here∞.
Note that it may in fact be a little harder than is described above; all high end routers can output the records required, but analysis would probably have to be done on a separate computer, which may have to be fairly powerful, or the routers may have performance issues.