Most recent edit on 2008-02-21 14:05:54 by MatthewToseland [link to hardstego]
Additions:
See HardStego for countermeasures.
Oldest known version of this page was edited on 2007-02-07 17:08:08 by MatthewToseland []
Page view:
Traffic Flow Analysis
Traffic flow analysis is the process of analysing network traffic, not looking for specific bytes in the payload of a packet to identify a protocol, but looking for longer term patterns that can identify nodes. For example, a node will typically have long-lived UDP connections to a small, and largely fixed, number of other nodes.
Paper about how this is depressingly easy:
here∞.
Note that it may in fact be a little harder than is described above; all high end routers can output the records required, but analysis would probably have to be done on a separate computer, which may have to be fairly powerful, or the routers may have performance issues.