8/5 Dear network administrators, I'm just curious what percentage of the
traffic is http, ftp, ssh, finger, ping, etc? And is it really
possible to do a successful DoS via finger?
\_ Depends entirely on what your network does. Big corporation?
Internally? To the Internet? University? Carrier? It varies
tremendously. And you can DoS using pretty much anything, if you
do it enough. -John
\-well obviously this is sort of a trivial question for a
LAN ... if you are a large oil company and are crunching a
lot of data, maybe it is NFS, maybe it is AFS ... maybe you
are using computation GRIDS ... but you should probably be
surprised if it is Quake traffic. As for the internet at large
which is what i assume you are asking, I haven't been following
the internet measurement area for a while but a few things:
tcp is +85%. udp is a distant second. the size of flows and
packets have some interesting distribution properties [e.g.
obviously a lot of syn/ack/fin/rst "small packets"] as
well as some directionality properties [hence asymmetric
bandwidth provisioning makes sense], as well as some time
of day, day of week effects [which are what you expect ...
weekends are quieter] and there are some hour of day properties
but i don't remember how geography was factored into those
measurements. and now for protocols ... yes http traffic is
something like 75% of all traffic. there is a couple of
percent DNS background [the percentage has come down a bit
over the last 10yrs]. ftp as a fraction has come down and
is now in the single digits. mail is also in the same range
but i don't remember how this has changed over time since
spam took off. unsurprisingly ftp transactions are larger
than email, so the same number of bytes represents much
fewer transactions. i believe the news background has
shrunk in percentage terms but don't know what the absolute
flow volumes are. ssh, telnet, rlogin are all noise.
i don't know much about what i'll call web helper applications
like streaming audio/video. also i don't know what p2p
has done to these numbers. i also don't know to what extent
the public internet is used for online WAN gaming. i doubt
netrek is king though :-). you can look maybe around the
CAIDA website ... they might have something up to date,
look for maybe kc claffy. disclaimer: my numbers are biased
toward byte volumes, not flows or packet counts. most
importantly this is pre a lot of p2p take off. there were
some early trend numbers but i don't know what the picture
looks like after the napster rollercoaster, the rise of
gnutella, bittorrent etc. more involved statistical analysis
of flows is beyond the scope of the motd. if you are interested
in a narrow question you can send me a note. --psb
\_ What Partha said, and ditto about specific questions--I mainly
know about banking/insurance networks (Internet and LAN.)
Also you may want to differentiate between # sessions and
# packets/session (as Partha indicated.) Use something like
EtherApe on a core L3 switch SPAN port to give you a cute
graphical overview of what/how much is out there. In a
corporate LAN, your highest overhead's bound to be Windows
fileshare, web & email traffic. Also depends on what part
of a network you're looking at (e.g. some nets are dedicated
server segments, where you might see mainly SQL-type stuff
going back and forth, etc.) -John
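
The distinction drawn above between byte volumes, flows (sessions) and packet counts, worked through on a few flow records. This is an added example, not part of the original thread; the sample records, the port map and the function names are constructed for illustration.

```python
from collections import defaultdict

# Well-known server ports for protocols named in the thread (assumed map).
PORTS = {
    ("tcp", 80): "http", ("tcp", 21): "ftp", ("tcp", 22): "ssh",
    ("tcp", 25): "smtp", ("tcp", 79): "finger",
    ("udp", 53): "dns", ("tcp", 53): "dns",
}

# Constructed sample flow records: (proto, src_port, dst_port, packets, bytes).
SAMPLE_FLOWS = [
    ("tcp", 51000, 80, 400, 520_000),
    ("tcp", 80, 51001, 300, 230_000),   # server-to-client half of a session
    ("tcp", 51002, 21, 500, 150_000),
    ("tcp", 51003, 25, 40, 30_000),
    ("tcp", 51004, 25, 30, 20_000),
    ("udp", 51005, 53, 2, 300),
    ("udp", 51006, 53, 2, 300),
    ("udp", 51007, 53, 2, 400),
    ("tcp", 51008, 22, 60, 9_000),
    ("icmp", 0, 0, 4, 336),             # ping: no ports
]

def classify(proto, sport, dport):
    """Label a flow by whichever end uses a known server port."""
    if proto == "icmp":
        return "icmp"
    for port in (dport, sport):
        name = PORTS.get((proto, port))
        if name:
            return name
    return "other"

def traffic_mix(flows):
    """Return {label: {"flows": %, "packets": %, "bytes": %}}."""
    totals = defaultdict(lambda: [0, 0, 0])
    for proto, sport, dport, pkts, nbytes in flows:
        t = totals[classify(proto, sport, dport)]
        t[0] += 1
        t[1] += pkts
        t[2] += nbytes
    grand = [sum(t[i] for t in totals.values()) for i in range(3)]
    metrics = ("flows", "packets", "bytes")
    return {name: {m: (100.0 * t[i] / grand[i] if grand[i] else 0.0)
                   for i, m in enumerate(metrics)}
            for name, t in totals.items()}

if __name__ == "__main__":
    for name, pct in sorted(traffic_mix(SAMPLE_FLOWS).items()):
        print(f"{name:6} flows {pct['flows']:5.1f}%  "
              f"packets {pct['packets']:5.1f}%  bytes {pct['bytes']:5.1f}%")
```

In this constructed sample DNS is 30% of the flows but well under 1% of the bytes, which is why a quoted percentage only means something once you know which of the three it counts.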