While you're at it, another source for traffic analysis is DNS requests;

dns requests are not generally logged, so i guess you're considering a generalized net snooper in your threat model, in which case discovery of dns requests is the least of your concerns. peter