Assessing Unknown Network Traffic

R. van de Meent, Aiko Pras

    Research output: Book/ReportReportProfessional

    25 Downloads (Pure)

    Abstract

    Recent measurements have shown that a growing fraction of all Internet traffic is unknown: it is unclear which applications are causing the traffic. Therefore we have developed and applied a novel methodology to find out what applications are running on the network. This methodology is based on the notion of ¿induced traffic¿: traffic cannot (wide-scale) be on unknown ports, thus, the hypothesis is that such traffic on unknown ports should be preceeded by traffic on known ports between the same peers. We have developed and implemented an algorithm to test this hypothesis. After applying the algorithm in two case studies we, unfortunately, have to conclude that although some improvement is made, there is still a significant fraction of traffic unidentifiable.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherArchitecture group (ARCH)
    Number of pages12
    Publication statusPublished - Feb 2004

    Publication series

    NameCTIT technical reports
    PublisherUniversity of Twente, Centre for Telematics and Information Technology (CTIT)
    No.04-11

    Keywords

    • METIS-218181
    • IR-47585
    • EWI-5793

    Cite this

    van de Meent, R., & Pras, A. (2004). Assessing Unknown Network Traffic. (CTIT technical reports; No. 04-11). Enschede: Architecture group (ARCH).