Professor, apologies for the confusion. I just want to confirm that, for the flow analysis, we look at TCP and UDP flows only.
From the post above, it’s stated:
“We want to know the portion of all IP flows that are TCP or UDP. Count the total number of IP flows, and then report which portion are UDP and which portion are TCP.”
However, the project handout states that a flow is defined as only TCP and UDP:
“To analyze flows, you need to reconstruct flows. We only define TCP and UDP flows. We define a set of packets as a flow if they have the same source IP, destination IP, source port, destination port, protocol, and the maximum packet inter‐arrival time between those packets is not more than 90 minutes.”
The last answer in this thread also states:
“Also note that source port and destination port are only defined for TCP and UDP packets.”
Does this not imply then that we only look at TCP and UDP flows since we need the source port and destination port to correctly identify a flow? Just wondering where this part fits in:
“Count the total number of IP flows, and then report which portion are UDP and which portion are TCP.”
I was assuming the total (i.e., all flows) meant UDP flows + TCP flows, but it looks like this is not the case from the answer above. Would it be possible to get some clarification on the meaning of “all flows”?
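A sketch of flow reconstruction under the handout definition quoted in this post, added here as an illustration; it is not part of the thread or the course materials. It assumes packets are already parsed into tuples, treats direction as significant, and starts a new flow when the gap between consecutive packets of the same 5-tuple exceeds 90 minutes. Packets that are neither TCP nor UDP are only tallied, since how they count toward "all IP flows" is the question left open above.

```python
TIMEOUT_S = 90 * 60  # 90 minutes, from the handout definition

# Constructed sample input: (timestamp_s, src_ip, dst_ip, proto, src_port, dst_port)
PACKETS = [
    (0,     "10.0.0.1", "10.0.0.2", "TCP",  40000, 443),
    (10,    "10.0.0.2", "10.0.0.1", "TCP",  443,   40000),  # reverse direction
    (20,    "10.0.0.1", "8.8.8.8",  "UDP",  53000, 53),
    (30,    "10.0.0.1", "10.0.0.2", "ICMP", None,  None),   # no ports defined
    (60,    "10.0.0.1", "10.0.0.2", "TCP",  40000, 443),
    (5460,  "10.0.0.1", "10.0.0.2", "TCP",  40000, 443),    # gap == 90 min: same flow
    (10861, "10.0.0.1", "10.0.0.2", "TCP",  40000, 443),    # gap > 90 min: new flow
]


def reconstruct_flows(packets, timeout=TIMEOUT_S):
    """Group TCP/UDP packets into flows keyed by the 5-tuple.

    Returns (flows, skipped): flows is a list of (key, [timestamps]);
    skipped is the number of packets that were neither TCP nor UDP.
    """
    flows = []
    open_flow = {}  # 5-tuple -> index of its most recent flow in `flows`
    skipped = 0
    for ts, src, dst, proto, sport, dport in sorted(packets, key=lambda p: p[0]):
        if proto not in ("TCP", "UDP"):
            skipped += 1  # ports undefined, so the 5-tuple cannot be formed
            continue
        key = (src, dst, sport, dport, proto)
        idx = open_flow.get(key)
        if idx is None or ts - flows[idx][1][-1] > timeout:
            flows.append((key, [ts]))          # first packet, or idle too long
            open_flow[key] = len(flows) - 1
        else:
            flows[idx][1].append(ts)
    return flows, skipped


def protocol_shares(flows):
    """Fraction of reconstructed flows per protocol (TCP and UDP only)."""
    counts = {}
    for key, _ in flows:
        counts[key[4]] = counts.get(key[4], 0) + 1
    return {proto: n / len(flows) for proto, n in counts.items()}


if __name__ == "__main__":
    flows, skipped = reconstruct_flows(PACKETS)
    print(len(flows), "flows;", skipped, "non-TCP/UDP packets;", protocol_shares(flows))
```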