Traffic Flow Analysis

Stephen Oliver edited this page Aug 13, 2016 · 1 revision

Traffic flow analysis is the process of analyzing network traffic for long-term patterns that can identify nodes.

For example, a node will typically have long-lived UDP connections to a small, and largely fixed, number of other nodes.

An article in SecurityFocus, which has now dropped off the web, seemed to imply this is very easy and can be done with most modern routers. A paper on this is here.

Note that it may actually be a little harder than is described above; all high-end routers can output the records required, but analysis would probably have to be done on a separate computer, which may have to be fairly powerful, or the routers may have performance issues.
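
As an added example (not part of the original wiki page), the pattern described above can be sketched over exported flow records: collect each host's long-lived UDP peers per day and check that the set is small and stays largely the same from one day to the next. The record layout, thresholds, function names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

MIN_DURATION = 3600  # assumption: seconds for a flow to count as "long-lived"
MAX_PEERS = 20       # assumption: upper bound on a "small" peer set
MIN_OVERLAP = 0.7    # assumption: day-to-day Jaccard overlap for "largely fixed"

# Constructed flow records (day, src, dst, proto, duration_s); not real traffic.
FLOWS = (
    # Long-lived UDP flows to nearly the same peers on both days.
    [(1, "10.0.0.5", f"198.51.100.{i}", "udp", 80000) for i in range(1, 5)]
    + [(2, "10.0.0.5", f"198.51.100.{i}", "udp", 80000) for i in range(1, 6)]
    # Long-lived UDP, but a different peer each day.
    + [(1, "10.0.0.7", "203.0.113.1", "udp", 5000),
       (2, "10.0.0.7", "203.0.113.2", "udp", 5000)]
    # Short UDP lookups and one long TCP session.
    + [(d, "10.0.0.9", "192.0.2.53", "udp", 1) for d in (1, 2)]
    + [(1, "10.0.0.9", "192.0.2.80", "tcp", 90000)]
)

def jaccard(a, b):
    """Overlap of two peer sets: |a & b| / |a | b| (0.0 if both are empty)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def long_lived_udp_peers(flows, min_duration=MIN_DURATION):
    """Map src -> day -> set of peers reached by long-lived UDP flows."""
    peers = defaultdict(lambda: defaultdict(set))
    for day, src, dst, proto, duration in flows:
        if proto == "udp" and duration >= min_duration:
            peers[src][day].add(dst)
    return peers

def stable_peer_hosts(flows, min_duration=MIN_DURATION,
                      max_peers=MAX_PEERS, min_overlap=MIN_OVERLAP):
    """Return {host: worst day-to-day overlap} for hosts matching the pattern."""
    result = {}
    for src, by_day in long_lived_udp_peers(flows, min_duration).items():
        sets = [by_day[d] for d in sorted(by_day)]
        if len(sets) < 2 or any(len(s) > max_peers for s in sets):
            continue  # need two or more days, each with a small peer set
        worst = min(jaccard(x, y) for x, y in zip(sets, sets[1:]))
        if worst >= min_overlap:
            result[src] = round(worst, 2)
    return result

if __name__ == "__main__":
    print(stable_peer_hosts(FLOWS))
```

Lowering `min_duration` far enough makes ordinary repeated UDP traffic, such as the lookups from `10.0.0.9`, match as well, which is why the duration threshold carries most of the weight in this heuristic.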
