Determining download time

• Each page has multiple components

• Need to identify which components belong together

• Can’t just look for traffic bursts (Medusa: 2sec)

• Need the analysis to cope with standard browsing

  • Multiple sessions, background downloads, etc.

• Identify flow by port

  • Track sub flows using http’s ‘referer’ attribute

• Timestamp accurately using tcpdump