
Think of regular internet as postcards, secure web traffic as those window envelopes that are easy to recognize, and most VPN traffic as bubblewrap envelopes.

You read the postcards, and build a list of sender/receivers that communicate stuff you don't approve of.

You can use that list to block window envelopes of encrypted web traffic - you don't know what's in the envelope, but you have a pretty good idea who's talking to whom.

Now, the bubblewrap envelopes - they don't sort quite like other envelopes, they're a bit heavier. Maybe they're going to an unknown recipient, and you think that's odd. They look a bit different. Put those recipients on a list. One gets too high, maybe block them and see if anyone you care about complains.

Now, clearly, people will figure out a way to make their bubblewrap envelopes look like the regular business envelopes with windows. Look like secure web traffic.

But traffic patterns are likely to look different for streaming and peer-to-peer. You might have an idea of who you'd like to enable streaming media from.

In short - you can use pure traffic analysis to make an educated guess about the nature of a data stream. Packet size, frequency, bandwidth, participants (IP addresses).

Some packages say "VPN" clearly on the side. Some pretend to be HTTPS traffic. The latter might get through, some of the time.

(Not an attempt at summarizing the video, just an attempt at an analogy for packet inspection)
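
Added example, not part of the comment above: a small Python sketch of the metadata-only analysis the comment lists (packet size, frequency, bandwidth, participants), run over constructed packet records with no payloads. The addresses, the sample flows and the thresholds in `guess` are assumptions chosen for illustration.

```python
from collections import defaultdict

def sample_packets():
    """Constructed metadata only: (time_s, src, dst, size_bytes). No payloads."""
    me, video, site, peer = "10.0.0.5", "198.51.100.7", "203.0.113.10", "192.0.2.44"
    pkts = [(i * 0.01, video, me, 1400) for i in range(1000)]      # steady download
    pkts += [(float(i), me, video, 60) for i in range(10)]         # sparse acks
    pkts += [(i * 0.4, me, site, 400) for i in range(5)]           # a few requests
    pkts += [(i * 0.05, site, me, 1400) for i in range(40)]        # short burst back
    for i in range(100):                                           # even exchange
        pkts += [(i * 0.1, me, peer, 1200), (i * 0.1 + 0.05, peer, me, 1200)]
    return pkts

def flow_features(packets):
    """Summarise each endpoint pair by size, frequency, bandwidth and direction."""
    flows = defaultdict(list)
    for t, src, dst, size in packets:
        flows[tuple(sorted((src, dst)))].append((t, src, size))
    features = {}
    for pair, pkts in flows.items():
        times = [t for t, _, _ in pkts]
        duration = max(max(times) - min(times), 1.0)  # treat very short flows as 1 s
        by_src = defaultdict(int)
        for _, src, size in pkts:
            by_src[src] += size
        total = sum(by_src.values())
        features[pair] = {
            "packets": len(pkts),
            "mean_size": total / len(pkts),
            "pkts_per_s": len(pkts) / duration,
            "bytes_per_s": total / duration,
            "dominant_share": max(by_src.values()) / total,  # 1.0 = one-way
        }
    return features

def guess(f):
    """Educated guess from metadata alone; thresholds are illustrative assumptions."""
    if f["packets"] < 20:
        return "too little data"
    if f["dominant_share"] >= 0.9 and f["bytes_per_s"] >= 100_000:
        return "streaming-like"
    if f["dominant_share"] <= 0.7:
        return "peer-to-peer-like"
    return "web-like"

def classify(packets):
    return {pair: guess(f) for pair, f in flow_features(packets).items()}

if __name__ == "__main__":
    for pair, label in classify(sample_packets()).items():
        print(pair, label)
```

The labels are guesses in the comment's sense: a flow shaped to resemble ordinary web traffic would land in the "web-like" bucket.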


