Server-client determination

What is claimed is: 1 . A method comprising: receiving, from a first sensor that monitors at least part of first data traffic exchanged between a pair of nodes in a network, first information of the first data traffic, the pair of nodes comprising a first node and a second node; determining, by analyzing the first information, that the first node initiated the first data traffic; and determining that the first node is a client and that the second node is a server. 2 . The method of claim 1 , wherein the first sensor is located at one of the first node, the second node, or a network node different from the first node and the second node, the network node being at least one of a server, a virtual machine, a hypervisor, a switch, or a gateway. 3 . The method of claim 1 , further comprising: receiving, from a second sensor that monitors at least part of the first data traffic exchanged between the pair of nodes, second information of the first data traffic, wherein the determining that the first node initiated the first data traffic is further based on the second information. 4 . The method of claim 3 , wherein each of the first information and the second information is weighted with a respective weight for the estimation. 5 . The method of claim 4 , wherein the respective weight is determined based on at least one of a length of time, an amount of information, or a margin of error, associated with monitoring the first data traffic by a corresponding sensor. 6 . The method of claim 1 , further comprising: receiving, from a plurality of sensors that respectively monitor at least part of the first data traffic exchanged between the pair of nodes, respective information of the first data traffic, wherein the determining that the first node initiated the first data traffic is further based on the respective information. 7 . The method of claim 1 , further comprising: generating a communication graph comprising the first node, the second node, and a third node in the network; receiving, from a second sensor that monitors at least part of second data traffic exchanged between the second node and the third node, second information of the second data traffic; determining, based upon the second information, that the second node has initiated the second data traffic exchange between the second node and the third node; and determining that the second node is the client and the third node is another server. 8 . The method of claim 1 , further comprising: receiving second data traffic exchanged between one or more known client-server pairs in the network; performing a series of machine learning tasks based at least upon the second data traffic data exchanged between the one or more known client-server pairs; and determining client-server statuses of other nodes in the network using the series of machine learning tasks. 9 . The method of claim 8 , wherein the series of machine learning tasks comprise a supervised learning, and wherein the supervised learning is used to determine that the first node initiated the first data traffic. 10 . The method of claim 9 , wherein the series of machine learning tasks comprise at least one machine learning task from a decision tree, a random forest, a neural network, or a random forest. 11 . A method comprising: receiving, from a first sensor that monitors at least part of first data traffic being transmitted via a pair of nodes in a network, first information of the first data traffic, the pair of nodes comprising a first node and a second node; determining, by analyzing the first information, a first degree of connection for the first node and a second degree of connection for the second node, wherein the first degree of connection indicates how many unique address-port pairs that the first node has communicated with, and wherein the second degree of connection indicates how many unique address-port pairs that the second node has communicated with; determining that the first degree of connection is greater than the second degree of connection; and determining that the first node is a server and that the second node is a client. 12 . The method of claim 11 , wherein each of the unique address-port pairs comprises an Internet protocol address and a port number. 13 . The method of claim 11 , wherein the first sensor is located at one of the first node, the second node, or a network node different from the first node and the second node, the network node being at least one of a server, a virtual machine, a hypervisor, a switch, or a gateway. 14 . The method of claim 11 , further comprising: generating a communication graph comprising the first node, the second node, and a third node in the network; receiving, from a second sensor that monitors at least part of second data traffic exchanged between the second node and the third node, second information of the second data traffic; determining, based upon the second information, that the second node has initiated the second data traffic exchange between the second node and the third node; and determining that the second node is the client and the third node is another server. 15 . The method of claim 14 , further comprising: receiving second data traffic exchanged between one or more known client-server pairs in the network; performing a series of machine learning tasks based at least upon the second data traffic data exchanged between the one or more known client-server pairs; and determining client-server statuses of other nodes in the network based upon the series of machine learning tasks. 16 . The method of claim 15 , wherein the series of machine learning tasks comprise a supervised learning, and wherein the first degree of connection and the second degree of connection are determined using the supervised learning. 17 . The method of claim 16 , wherein the series of machine learning tasks comprise at least one machine learning task from a decision tree, a random forest, a neural network, or a random forest. 18 . A system comprising: a processor; and a computer-readable storage medium storing instructions which, when executed by the processor, cause the system to perform operations comprising: receiving, from a first sensor that monitors at least part of first data traffic being transmitted via a pair of nodes in a network, first information of the first data traffic, the pair of nodes comprising a first node and a second node; determining, by analyzing the first information, timings of first data traffic being transmitted via the pair of nodes and degrees of connection for the pair of nodes, the first node having a first degree of connection and the second node having a second degree of connection; and determining, based at least upon the timings of first data traffic, the degrees of connection, and a predetermined rule associated with the timings of the first data traffic and the degrees of connections, that the first node initiated the first data traffic or the first degree of connection is less than the second degree of connection; and determining that the first node is a client and that the second node is a server. 19 . The system of claim 18 , wherein the instructions, when executed by the processor, cause the system to perform operations further comprising: receiving, from a second sensor that monitors at least part of the first data traffic exchanged between the pair of nodes, second information of the first data traffic, wherein the determining the timings of first data traffic