Traffic Flow Analysis
Traffic flow analysis is the process of analysing network traffic, not looking for specific bytes in the payload of a packet to identify a protocol, but looking for longer term patterns that can identify nodes. For example, a node will typically have long-lived UDP connections to a small, and largely fixed, number of other nodes.
Paper about how this is depressingly easy: here.
Note that it may in fact be a little harder than is described above; all high end routers can output the records required, but analysis would probably have to be done on a separate computer, which may have to be fairly powerful, or the routers may have performance issues.
See also
HardStego for countermeasures.
Network Traffic Control.
Darknet
