There is no need to be rude or presumptive about my level of education. I shall explain what I meant in more depth to clear up any misunderstandings.
OP said: "So if you can spy on the traffic from the user to the tor entry node, and can spy on the traffic leaving the tor exit node at the same time... then you can tell that the traffic you saw going to the entry node is linked to the traffic leaving the exit node"
You said: "If you can correlate the server-->exit node flow to a specific entry node-->client flow, you've just identified the client outside of Tor."
Distinction Without a Difference - The assertion that a position is different from another position based on the language when, in fact, both positions are exactly the same -- at least in practice or practical terms.
Your provided links show that "packet sniffing" and "traffic flow analysis" are not different concepts in practice. The difference is in how the collected data is analyzed or for what purpose. For the purposes of this discussion where analysis of collected packets is for identical purposes, this is also a distinction without a difference. "A packet analyzer...is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network." "NetFlow is a feature that was introduced on Cisco routers that provides the ability to collect IP network traffic as it enters or exits an interface."
If you feel I have misinterpreted your statements, I would appreciate additional feedback.
My points were literal, rather than pejorative. Sniffing packets is gathering the *actual* packets. Netflow collects statistics about packets being transmitted/received. Do you see the difference?
GP stated "Good luck being able to sniff traffic on *both* ends." Firstly, traffic isn't being "sniffed." Secondly, With Netflow, it's not necessary to have packet sniffers on the specific links used in order to gather packet statistics.
What is more, since context is everything, GP was responding to my assessment of the paper (you know, the point of the article) and misunderstood the methodology used by the researchers. I explained.
If I (here and in my original post) have been unable to explain to you both the difference between packet sniffing and Netflow analysis and/or why GP misunderstood the methodology employed by the researchers, I suggest you read the paper yourself.
TL;DR : Packet sniffing != Netflow. Methodologies have impact on results and should be understood.
Should you want to criticize me, my reasoning or my (or at least your interpretation of it) tone for any other reasons? By all means, go right ahead.