Identifying Various Types of Data on the Network

We currently use PRTG and packet sniffing to monitor traffic on our network. PRTG monitors and breaks down the types of packets based on the protocols or channels used. It has categories for DNS, FTP, HTTP, HTTPS, ICMP, IRC, NETBIOS, POP3, RDP, SMTP, SNMP, SSH, and TELNET. It then dumps everything else into the last category of “other” which means it does not fit into any of the other channels. This “other” category is relatively substantial on our network, so we would like to get a little better breakdown of what this “other” data is.

I think that a lot of streaming-type data seems to fall under this other category. I know that many different protocols can be used and as such it is not always possible to tell exactly what the data is, but are there some well-known channels or ports or protocols associated with certain types of data that I can teach PRTG, so that it can better track down the packet types? Especially with the better-known video streaming services out there such as Netflix, Hulu, etc.?

Thanks.

I was always under the impression that Netflix and Hulu were HTTP streaming-based.

Perhaps grouping traffic by subnet or ASN would give you appreciable results? Certainly is nice to know how much traffic is going to YouTube.

salad wrote:
I was always under the impression that Netflix and Hulu were HTTP streaming-based.

Perhaps grouping traffic by subnet or ASN would give you appreciable results? Certainly is nice to know how much traffic is going to YouTube.

They may very well be. I'm just starting to look into this, so I'm not sure. If they are HTTP, then yes, we will have to try and identify by IP address, etc.

You may want to consider doing some NetFlow analysis, as it lets you stream flow information to a central site where you can store, aggregate, and query the data all you like. Assuming PRTG's HTTP category bucket just means 'tcp port 80', with more granular software you should be able to do something like select port, sort by bytes, and manually look up the highest ones.

We use nfdump and nfsen extensively.
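The "select port, sort by bytes" step above, as an added example that is not the thread's, PRTG's or nfdump's code: it buckets constructed flow records into PRTG-style channels and then sums the "other" bucket by server port, or by destination /24 as salad suggested. The channel map, the simplified flow format and the addresses are assumptions.

```python
# Added example (not PRTG's or nfdump's code): bucket constructed flows into PRTG-style
# channels by well-known port (ICMP by protocol), then break down the "other" bucket.
from collections import Counter
import ipaddress

CHANNELS = {("tcp", 53): "DNS", ("udp", 53): "DNS", ("tcp", 21): "FTP", ("tcp", 80): "HTTP",
            ("tcp", 443): "HTTPS", ("tcp", 6667): "IRC", ("tcp", 139): "NETBIOS", ("udp", 137): "NETBIOS",
            ("udp", 138): "NETBIOS", ("tcp", 110): "POP3", ("tcp", 3389): "RDP", ("tcp", 25): "SMTP",
            ("udp", 161): "SNMP", ("tcp", 22): "SSH", ("tcp", 23): "TELNET"}

# Constructed flows (proto,src,sport,dst,dport,bytes) using documentation addresses.
FLOWS = """\
tcp,10.0.0.5,51234,203.0.113.34,443,420000
udp,10.0.0.5,51000,203.0.113.9,1935,2500000
udp,10.0.0.9,51001,203.0.113.9,1935,1800000
tcp,10.0.0.5,51236,198.51.100.21,8080,300000
udp,10.0.0.8,40000,10.0.0.1,53,9000
icmp,10.0.0.8,0,10.0.0.1,0,1200
"""

def parse_flows(text):
    keys = ("proto", "src", "sport", "dst", "dport", "bytes")
    recs = [dict(zip(keys, line.split(","))) for line in text.strip().splitlines()]
    for r in recs:  # numeric fields arrive as strings
        r.update(sport=int(r["sport"]), dport=int(r["dport"]), bytes=int(r["bytes"]))
    return recs

def server_port(r):  # the lower port is normally the service side of the flow
    return (r["proto"], min(r["sport"], r["dport"]))

def dst_subnet(r, prefix=24):
    return str(ipaddress.ip_network(f"{r['dst']}/{prefix}", strict=False))

def classify(r):
    return "ICMP" if r["proto"] == "icmp" else CHANNELS.get(server_port(r), "other")

def bytes_by_channel(recs):
    """PRTG-style totals: bytes per channel, unmatched traffic lands in 'other'."""
    totals = Counter()
    for r in recs:
        totals[classify(r)] += r["bytes"]
    return totals

def breakdown_other(recs, key=server_port, n=3):
    """Sum 'other' bytes by key (server port or destination subnet), heaviest first."""
    c = Counter()
    for r in recs:
        if classify(r) == "other":
            c[key(r)] += r["bytes"]
    return c.most_common(n)
```

Here the two UDP 1935 flows collapse into one line at the top of the "other" breakdown, which is the kind of port you would then look up by hand.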