Daniel
Daniel
PostsComments
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
apparently content served over youtube shorts resolved to the network provider
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
The hard part is knowing which UDP packet came from which provider
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
my hope was that the video bandwidth generates enough UDP traffic to overshadow other communications.
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
Doeesnt look like downloads trigger UDP, HTTP/3 does though, you're right. Tested on facebook maily
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
what else would trigger udp, downloads?
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
this is accumulated of my entire network interface filtered for UDP
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
I'm relying on frequency analysis. I tought it falls under DPI, my bad
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
No description
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
but I can though detect udp packets
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
aaah can't find it
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
I'll show you some data I got one sec
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
then it would just be either youtube long or short videos I have to distinguish
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
what about reverse DNS lookups to narrow down the packet source
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
so tldr, is this idea crazy
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
good idea
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
another think I looked into is that youtube server all their videos using QUIC, for a long video it does buffered loading from the same ip, for youtube shorts it's a different ip every time
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
does that even count as DPI
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
Do you see any flaws in this approach
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
So here's the deal: loading short form content (Youtube shorts) triggers periodic packet spikes because of the data amount, the periodicity of this packet spike in theory can be linked with user scrolling an app
40 replies
CDCloudflare Developers
Created by Daniel on 2/27/2025 in #general-help
Packet Analysis Academic Research
and the data part is encrypted
40 replies