2

For 69 views in the first day, 2 up-votes within 2 days, it's a shame that this was closed.

What are the commonly used protocols that sit atop TCP/IP and UDP/IP?

My list includes HTTP and BitTorrent. I know those are popular; what I am curious about is what other protocols are very common.

I am working with an internet filter. It would be extremely useful to know what I am dealing with. Empirical Data.

UPDATE: I was investigating the need for deep packet scanning because my Google Insights for Search showed a huge drop-off in peer-to-peer related searches, e.g. IRC, eMule, SoulSeek, etc.


ANSWER: Since this question is closed, I will attempt to answer it.

Sandvine has a cool report (registration required). It is from 2010.

unixman83
  • TCP/IP (including UDP) is a protocol. Are you just trying to find common things to allow for outbound internet access? – TheCleaner Mar 17 '11 at 17:55
  • 1
    @TheCleaner, Yes but my question was regarding Deep Packet Inspection of the higher level protocols (e.g. HTTP, DNS, BitTorrent, etc) – unixman83 Mar 18 '11 at 21:22

3 Answers

3

There are a lot of measurements of Internet traffic. I would suggest you start by searching for "internet traffic statistics" at Google Scholar and start reading. Some articles to start with are the following:

pehrs
2

Addition to my comment in your OP.

If all you are wanting is to set up an outbound internet filter for your company, here's my suggestion (since every company is unique).

Set up the default policy to allow any/any outbound. Enable logging of the traffic, preferably to a syslog server or something that can actually analyze the traffic and report on it (get a 30 day eval of something if you have to).

After letting it run for a few weeks, look at the traffic outbound...again preferably by reports, and then set up a new policy called "Allowed Internet Outbound" and add the protocols/ports/applications needed into it and then enable that policy and disable the original default policy.

The couple of weeks of reporting should also show you what to NOT allow outbound and who is abusing bandwidth.

TheCleaner
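An added example (not part of any answer on this page) of the reporting step in the log-then-allowlist approach described in the answer above: it aggregates logged outbound packets by protocol and destination port, proposes allowlist candidates, and surfaces the heaviest sender. The log lines are constructed, the key=value layout is assumed to resemble the netfilter LOG target, and `min_sources` is a hypothetical threshold.

```python
import re
from collections import defaultdict

# Constructed sample; assumes key=value fields like the netfilter LOG target.
SAMPLE_LOG = """\
Mar 17 09:00:01 fw kernel: OUTBOUND SRC=10.0.0.11 DST=198.51.100.7 LEN=1400 PROTO=TCP SPT=50211 DPT=443
Mar 17 09:00:02 fw kernel: OUTBOUND SRC=10.0.0.12 DST=198.51.100.7 LEN=900 PROTO=TCP SPT=50212 DPT=443
Mar 17 09:00:03 fw kernel: OUTBOUND SRC=10.0.0.13 DST=203.0.113.9 LEN=600 PROTO=TCP SPT=50213 DPT=443
Mar 17 09:00:04 fw kernel: OUTBOUND SRC=10.0.0.11 DST=192.0.2.53 LEN=70 PROTO=UDP SPT=40001 DPT=53
Mar 17 09:00:05 fw kernel: OUTBOUND SRC=10.0.0.12 DST=192.0.2.53 LEN=72 PROTO=UDP SPT=40002 DPT=53
Mar 17 09:00:06 fw kernel: OUTBOUND SRC=10.0.0.13 DST=203.0.113.77 LEN=1500 PROTO=TCP SPT=6881 DPT=6881
Mar 17 09:00:08 fw kernel: OUTBOUND SRC=10.0.0.12 DST=198.51.100.20 LEN=500 PROTO=TCP SPT=50300 DPT=80
Mar 17 09:00:09 fw kernel: OUTBOUND SRC=10.0.0.11 DST=198.51.100.20 LEN=400 PROTO=TCP SPT=50301 DPT=80
Mar 17 09:00:10 fw kernel: OUTBOUND SRC=10.0.0.12 DST=198.51.100.1 LEN=84 PROTO=ICMP
Mar 17 09:00:11 fw sshd[311]: session opened for user admin
"""
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def summarize(log_text):
    """Return per-service stats keyed by (proto, dport) and bytes per source."""
    services = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    bytes_by_src = defaultdict(int)
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if not {"SRC", "PROTO", "LEN"} <= f.keys() or not f["LEN"].isdigit():
            continue  # not a packet record (or malformed): ignore it
        dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None  # ICMP has no port
        entry = services[(f["PROTO"], dport)]
        entry["packets"] += 1
        entry["bytes"] += int(f["LEN"])
        entry["sources"].add(f["SRC"])
        bytes_by_src[f["SRC"]] += int(f["LEN"])
    return services, bytes_by_src

def propose_policy(services, min_sources=2):
    """Split services into allowlist candidates and ones needing human review.
    min_sources is a hypothetical threshold for 'used by more than one host'."""
    ranked = sorted(services, key=lambda k: (-len(services[k]["sources"]), -services[k]["bytes"]))
    allow = [k for k in ranked if len(services[k]["sources"]) >= min_sources]
    review = [k for k in ranked if len(services[k]["sources"]) < min_sources]
    return allow, review

if __name__ == "__main__":
    services, bytes_by_src = summarize(SAMPLE_LOG)
    allow, review = propose_policy(services)
    print("candidates for 'Allowed Internet Outbound':", allow)
    print("review before allowing:", review)
    print("top talker:", max(bytes_by_src, key=bytes_by_src.get))
```

The `review` list is input for a human decision, not an automatic block list: a service seen from a single host can still be a legitimate business need.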
1

The most popular ones would be listed in /etc/services in any modern *nix box if you have access to that. What are you attempting to do exactly? In securing an office environment for example, you would probably be better served filtering everything and allowing only what is needed, etc.

Grahamux