Traffic Flow Analysis

Traffic flow analysis is the process of analysing network traffic, not looking for specific bytes in the payload of a packet to identify a protocol, but looking for longer term patterns that can identify nodes. For example, a node will typically have long-lived UDP connections to a small, and largely fixed, number of other nodes.

Paper about how this is depressingly easy: here∞.

Note that it may in fact be a little harder than is described above; all high end routers can output the records required, but analysis would probably have to be done on a separate computer, which may have to be fairly powerful, or the routers may have performance issues.

See HardStego for countermeasures.