You might want to include mean/median/distribution of read/write IO
sizes on SSL connections; you might find 'normal' SSL accesses
(even with AJAXed stuff?) has different access patterns versus command-line
SSL.
Are there any fingerprint bits in the SSL exchange which would tell
you its at least SSL encrypted traffic, versus just traffic not tunneled
inside SSL? Thats probably a good starting point.
Adrian
Received on Mon May 28 2007 - 10:17:29 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT