A. Field of the Invention
The present invention relates generally to network traffic analysis, and more specifically, to the monitoring of data transmitted over a wireless or wired network.
B. Description of Related Art
Communication networks typically include a number of interconnected communication devices. Connections among the devices in some communication networks are accomplished through physical wires or optical links. Such networks may be referred to as “wired” networks. Connections among the devices in other communication networks are accomplished through radio, infrared, or other wireless links. Such networks may be referred to as “wireless” networks.
In certain situations, operators of networks may desire to encrypt data packets transmitted on the network. Conventionally, a packet is a data unit that includes a header portion and a payload portion. The header portion includes control information used to route the packet in the network and the payload portion contains the content data the packet is delivering. Military applications are one example in which data packets are encrypted before being transmitted. This may include encrypting the payload portion of each packet so that the content of the communication cannot be understood by eavesdroppers.
Simply encrypting the payload portion of a packet still allows eavesdroppers to examine the packet header information, through which the eavesdropper may extract valuable information. For example, monitoring the flow of traffic patterns to and from network end-nodes (i.e., sources and destinations) along with the quantity of information transmitted between the end-nodes may allow an eavesdropper to gain valuable intelligence information from the wireless network. For example, a sudden burst of wireless network traffic between multiple known enemy tank groups may indicate that the tank groups are about to perform some type of coordinated action.
In order to restrict the ability of an eavesdropper to monitor traffic flow, routers in a network may encrypt the packet header information before transmitting the packet. Intercepted packets would, thus, have both their payload and header information encrypted, making it difficult for the eavesdropper to monitor traffic flow. Alternatively, the wireless network may be configured to support virtual private network (VPN) connections in which the originating and receiving network addresses are encrypted. This type of VPN also makes it difficult for an eavesdropper to monitor traffic flow.
In situations such as military encounters and in law enforcement, it can be desirable to monitor traffic flow over networks. Accordingly, there is a need in the art to be able to monitor traffic flow even when the address information of transmitted packets is encrypted.