Hey Everyone, I've been asked to come up with a short list of "normal" (ya totally picture me doing that with air quotes when talking about it) Enterprise Traffic. [Inside, or Inside to Outside, not as concerned with in-bound.]
So far I've come up with the list below based on a brain dump with small additions from:
2005 - A First Look at Modern Enterprise Traffic - http://www.icir.org/enterprise-traci...look-imc05.pdf
Normal'ish Enterprise Traffic (don't get held up on the names/categories, they're just preliminary to make my life easier, I'll put more thought/rigor into them before I send this out internally):
Web - HTTP, HTTPS
email - SMTP, IMAP, POP3, POP3S
IM - MS Communicator, MSN, AIM (AOL), Yahoo, Jabber (XMPP), ICQ, IRC
Streaming - RTSP/RTP, MMS
Directory - LDAP, AD, Novell eDirectory
VoIP - SIP/SIPS, H.323, Media Gateway Control Protocol (MGCP)
Bulk Transfers - SCP (SSH?), FTP, FTPS, SFTP
Remote Access - Telnet, SSH, RDP, VNC, NetMeeting, rlogin, X11
OS - NFS, NetBIOS (DGM & SSN), CIFS/SMB, DCE/RPC
DB - MySQL, Oracle (TNS), MS SQL
Fat Clients - SAP
AV - There's gotta be some kind of proprietary comms associated with AV solutions and master definition servers etc. [EPO, etc.]
Backup - Netbackup/Veritas, rsync
Net Mgmt - SNMP, DHCP, NTP
Net Other - ARP, ICMP, BGP, DNS (TCP & UDP)
Fringe Cases
- VPN
- RADIUS
- NNTP
- Streaming
-- SHOUTcast
-- SRTP (Secure RTP)
-- STUN (Simple Traversal of Datagram)
-- SDP (Session Description Protocol)
Any thoughts/suggestions?
Edit: 20120604 - Added POP3S and Novell eDirectory @ scottm99's suggestion.
Last edited by thorin; 06-04-2012 at 08:31 AM.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Since POP3S usually goes over a different port, I'd include that. Also, if you have Novell in your environment, e-directory traffic.
If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...
Thanks scottm99!
You're welcome, and that makes me think of something else. You think anyone uses rsh or rlogin anymore? They were in use for a long time at my employer, but, thankfully, have been phased out.