Recent measurements have shown that a growing fraction of all Internet traffic is unknown: it is unclear which applications are causing the traffic. Therefore we have developed and applied a novel methodology to find out what applications are running on the network. This methodology is based on the notion of ¿induced traffic¿: traffic cannot (wide-scale) be on unknown ports, thus,
the hypothesis is that such traffic on unknown ports should be preceeded by traffic on known ports between the same peers. We have developed and implemented an algorithm to test this hypothesis. After applying the algorithm in two case studies we, unfortunately, have to conclude that although some improvement is made, there is still a significant fraction of traffic unidentifiable.
|Place of Publication||Enschede|
|Publisher||Architecture group (ARCH)|
|Number of pages||12|
|Publication status||Published - Feb 2004|
|Name||CTIT technical reports|
|Publisher||University of Twente, Centre for Telematics and Information Technology (CTIT)|