Traffic fingerprinting

Definition

The process of identifying an application, protocol, or user action from statistical properties of an encrypted flow, such as packet size distributions, inter-arrival times, flow duration, and burst structure, without inspecting the payload. Machine-learning classifiers trained on known traffic samples are the most common implementation.
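The definition above as an added example, not code from the original page: it computes the listed flow statistics (packet sizes, inter-arrival times, duration, burst structure) from packet metadata only, and a nearest-centroid classifier stands in for the machine-learning classifiers mentioned. The signed-length packet format, the two labels and all sample flows are constructed assumptions.

```python
import math
from statistics import mean, pstdev

def flow_features(pkts):
    """pkts: list of (timestamp_s, signed_len); sign encodes direction (assumed format)."""
    sizes = [abs(n) for _, n in pkts]
    times = [t for t, _ in pkts]
    gaps = [b - a for a, b in zip(times, times[1:])]
    # A burst is a maximal run of consecutive packets in the same direction.
    bursts = [abs(pkts[0][1])]
    for (_, prev), (_, cur) in zip(pkts, pkts[1:]):
        if (prev > 0) == (cur > 0):
            bursts[-1] += abs(cur)
        else:
            bursts.append(abs(cur))
    return [mean(sizes), pstdev(sizes), mean(gaps), times[-1] - times[0],
            len(bursts), mean(bursts)]

def _scaled(feats, scale):
    return [(x - m) / s for x, (m, s) in zip(feats, scale)]

def train(labelled):
    """labelled: list of (label, pkts). Returns (centroids, per-feature scale)."""
    rows = [(lab, flow_features(p)) for lab, p in labelled]
    scale = [(mean(c), pstdev(c) or 1.0) for c in zip(*(f for _, f in rows))]
    groups = {}
    for lab, f in rows:  # standardise so no single feature dominates the distance
        groups.setdefault(lab, []).append(_scaled(f, scale))
    return {lab: [mean(c) for c in zip(*v)] for lab, v in groups.items()}, scale

def classify(pkts, model):
    cents, scale = model
    v = _scaled(flow_features(pkts), scale)
    return min(cents, key=lambda lab: math.dist(v, cents[lab]))

# Constructed sample flows: no payload bytes, only timing, size and direction.
def bulk(n, size, gap):   # one upstream request, then n large downstream packets
    return [(0.0, 200)] + [(0.05 + i * gap, -size) for i in range(n)]

def chat(n, gap):         # small messages alternating direction, long pauses
    return [(i * gap, 120 if i % 2 == 0 else -180) for i in range(n)]

TRAIN = [
    ("bulk-download", bulk(40, 1448, 0.002)),
    ("bulk-download", bulk(60, 1400, 0.003)),
    ("interactive-chat", chat(20, 1.5)),
    ("interactive-chat", chat(30, 2.0)),
]
MODEL = train(TRAIN)
```
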

Related terms

Flow record
A summary record of a network conversation, typically recording source and destination IP addresses and ports, protocol, start time, duration, byte count...
JA3 fingerprint
An MD5 hash computed from selected fields of the TLS Client Hello: the TLS version, cipher suites, extensions, elliptic curves, and elliptic-curve...
Server Name Indication (SNI)
A TLS extension sent in plaintext in the Client Hello message that identifies the hostname the client intends to reach. SNI is...
SSL inspection (TLS interception)
A technique in which an intermediary device terminates an incoming TLS session, inspects the decrypted content, then re-encrypts and forwards it using...
SSLKEYLOGFILE
A file format, originally implemented in Mozilla Firefox and later adopted by Chrome and other browsers, that logs TLS session keys as...

Explained in

  • Encrypted Traffic Analysis
