Conditions

In order to make the technology applicable to encrypted communications in the future and because of concerns regarding privacy issues, we do not use the message content of the TCP packets, but we principally use the time stamps of the packets and the sizes of the TCP packets. At this point we must explain more about the sequence numbers of the packets at different connections in the same chain.

The cumulative TCP data bytes transmitted since the start of a connection is measured by the sequence numbers in the TCP headers [3,7]. The sequence numbers are 32-bit integers assigned to the data bytes in the packets belonging to a particular connection. The initial sequence number for a connection is randomly determined at the establishment of the connection, and the number gets increased as data is transmitted using the connection. The sequence number field in the TCP header of a packet is the sequence number of the first data byte in the packet. Since an upstream connection generally starts earlier and stops later than a downstream connection on the same chain, we can filter out connections which transfer fewer data bytes than a given connection does to help identify possible upstream connections of the given one.