Loren James Rittle wrote: | >Most | >presumably use a mix of a UDP data connection and tcp for control | >functions. | | OK, everything after the IP header is encrypted. I don't even know | which protocol is in use. Are you willing to play Mallet? Drop IP packets, and look for duplicates. Those are TCP. (IPSEC might handle this, but I bet there will be broken implementations that save time by resending.) | >They all consist of high volume, long duration connections | >(or data flows in the case of UDP.) Many probably use a standardized | >destination port. | | OK, everything after the IP header is encrypted. I don't know | which port is in use. Which doesn't change the nature of the data, which is: Alice sends long (3-60 second) heavy flows to Bob. Alice's flow stops, Bobs picks up. repeat. | In short, assuming IPSEC, the data stream cannot be easily found. | Slightly different assumptions led to a radically different outcome. First, assume a can opener. :) Actually, I'll bet you I can pick out your encrypted data for the common case, which will continue to be a modem, which can't handle heavy back traffic flows for the sake of hiding who is speaking. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume