Traffic classification

Traffic classification is an automated process which categorises computer network traffic according to various parameters (for example, based on port number or protocol) into a number of traffic classes. Each resulting traffic class can be treated differently in order to differentiate the service implied for the data generator or consumer. Packets are classified to be differently processed by the network scheduler. Upon classifying a traffic flow using a particular protocol, a predetermined policy can be applied to it and other flows to either guarantee a certain quality (as with VoIP or media streaming service) or to provide best-effort delivery. This may be applied at the ingress point (the point at which traffic enters the network, typically an edge device) with a granularity that allows traffic management mechanisms to separate traffic into individual flows and queue, police and shape them differently. Classification is achieved by various means. Fast Low resource-consuming Supported by many network devices Does not implement the application-layer payload, so it does not compromise the users' privacy Useful only for the applications and services, which use fixed port numbers Easy to cheat by changing the port number in the system Inspects the actual payload of the packet Detects the applications and services regardless of the port number, on which they operate Slow Requires a lot of processing power Signatures must be kept up to date, as the applications change very frequently Encryption makes this method impossible in many cases Matching bit patterns of data to those of known protocols is a simple widely used technique. An example to match the BitTorrent protocol handshaking phase would be a check to see if a packet began with character 19 which was then followed by the 19-byte string 'BitTorrent protocol'. A comprehensive comparison of various network traffic classifiers, which depend on Deep Packet Inspection (PACE, OpenDPI, 4 different configurations of L7-filter, NDPI, Libprotoident, and Cisco NBAR), is shown in the Independent Comparison of Popular DPI Tools for Traffic Classification.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (39)

Related people (15)

Related units (12)

Related concepts (4)

Related lectures (2)

Network scheduler

A network scheduler, also called packet scheduler, queueing discipline (qdisc) or queueing algorithm, is an arbiter on a node in a packet switching communication network. It manages the sequence of network packets in the transmit and receive queues of the protocol stack and network interface controller. There are several network schedulers available for the different operating systems, that implement many of the existing network scheduling algorithms. The network scheduler logic decides which network packet to forward next.

Differentiated services

Differentiated services or DiffServ is a computer networking architecture that specifies a mechanism for classifying and managing network traffic and providing quality of service (QoS) on modern IP networks. DiffServ can, for example, be used to provide low-latency to critical network traffic such as voice or streaming media while providing best-effort service to non-critical services such as web traffic or s. DiffServ uses a 6-bit differentiated services code point (DSCP) in the 8-bit differentiated services field (DS field) in the IP header for packet classification purposes.

Quality of service

Quality of service (QoS) is the description or measurement of the overall performance of a service, such as a telephony or computer network, or a cloud computing service, particularly the performance seen by the users of the network. To quantitatively measure quality of service, several related aspects of the network service are often considered, such as packet loss, bit rate, throughput, transmission delay, availability, jitter, etc.

, ,

Network neutrality is important for users, content providers, policymakers, and regulators interested in understanding how network providers differentiate performance. When determining whether a network differentiates against certain traffic, it is importa ...

2023

We are used to defining network neutrality as absence of traffic differentiation, like policing or shaping. These mechanisms, however, are often not what determines end-users’ quality of experience (QoE). Most content today is accessed through edge caches, ...

ACM Association for Computing Machinery2023

Time-sensitive networks provide worst-case guarantees for applications in domains such as the automobile, automation, avionics, and the space industries. A violation of these guarantees can cause considerable financial loss and serious damage to human live ...

EPFL2023

Censorship Resistance: Tor Bridges & ScrambleSuit CS-523: Advanced topics on privacy enhancing technologies

Explores Tor bridges enumeration, ScrambleSuit for censorship resistance, and mimicking whitelisted applications like Skype.

Monitoring with Icinga2

Explores the monitoring of a new VM and the use of Icinga2 for critical alerts and incident management.