Traffic analysis is generally done to identify one or more of the following: the kind of traffic being sent or received by the target, the contents of all or any traffic sent, and the origin and destination of the traffic. Traffic analysis attacks can be classified into two major types, active and passive. A passive traffic analysis attack is one in which the attacker is able to monitor some or all of the network traffic entering or exiting a node without altering the shape of that traffic in any discernible way[1]. Because the flow of the traffic is unaltered, passive traffic analysis can be extremely difficult to detect, even under the best circumstances. Of course, as the complexity of the network increases, it becomes increasingly difficult (and expensive) to monitor traffic in this manner. This assumes that there are enough producers of traffic, hereafter referred to as senders, to make such an analysis infeasible without detection. To illustrate, consider mail sent via the US Postal Service.

Suppose a government agency decides that they want to monitor a particular group

The link for this article located at Info Sec Writers is no longer available.