Analyzing Network Traffic and Applications

Traffic analysis is the third step in characterizing a network. Traffic analysis verifies the set of applications and protocols used in the network and determines the applications' traffic patterns. It might reveal any additional applications or protocols running on the network. Each discovered application and protocol should be described in the following terms:

■ Importance to the customer

■ QoS-related requirements

■ Security-related requirements

■ Scope (in other words, the network modules in which the application or protocol is used)

Use the following interactive approach, illustrated in Figure 2-14, to create a list of applications and protocols used in the network:

Step 1 Use customer input to list expected applications.

Step 2 Use traffic analyzers to verify the customer's list of applications.

Step 3 Present the customer with the new list of applications, and discuss discrepancies.

Step 4 Generate the final list of applications and their requirements (importance, QoS, security), as defined by the customer.

For example, the following information was collected about a fictitious application:

■ Description: Accounting software

■ Protocol: Transmission Control Protocol (TCP) port 5151

■ Importance: High

■ Avg. Rate: 50 kbps with 10-second bursts to 1 megabit per second (Mbps)

Assume that a customer requirement concerns QoS on a WAN connection with limited bandwidth. In this case, the information collected is relevant because it describes the following:

■ The application (TCP port 5151), which is required for performing classification

■ The importance of the application; this information is useful for evaluating how much bandwidth should be allocated to the application

■ The current bandwidth consumption according to the present QoS implementation

Note, however, that this information might not be relevant should the customer requirement instead concern a secure and resilient Internet connection. In that case, it might be necessary to gather additional information.

