I recently wrote about using Cisco's NBAR to investigate what protocols were in use on your network. I thought it might be interesting to take a look at the top 10 protocols on a residential broadband network. If you're running a large network, or planning a large network, perhaps this list can help you.

I should note that NetBIOS was in the top 10 until I started blocking NetBIOS at the switches.

  1. HTTP (Hypertext Transfer Protocol) - This is normal web browsing. It really comes as no surprise that this is what the majority of users are doing.
  2. Gnutella
  3. eDonkey
  4. BitTorrent - These three are peer-to-peer sharing technologies. Again, it's not a real surprise that these protocols rank so high. When a network becomes clogged, peer-to-peer networking is often the first thing to get cut. Cisco's NBAR is a perfect way to do that.
  5. RTP (Real-time Transport Protocol) - This protocol is used for delivering audio and video. It's the protocol that does the heavy-lifting in a SIP-based VoIP call, for example. RTP has no defined ports. This is the strength of NBAR; the ability to recognize an application without a specified port assigned.
  6. Skype - Peer-to-peer Internet telephony
  7. NNTP (Network News Transfer Protocol) - NNTP is the protocol used to post and retrieve Usenet articles. It's likely this protocol is being used to download files from a Usenet server.
  8. FTP (File Transfer Protocol) - Used to transfer files to and from an FTP server.
  9. Secure HTTP (HTTPS) - Normal HTTP protocol over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport.
  10. RTCP (Real-time Transport Control Protocol) - RTCP provides out-of-band control information for RTP. This is equivalent to FTP's control connection.

Below is the output from the router that was used to generate this list. Output is user facing, so it represents downloads from the user perspective.

SLAP#show ip nbar protocol-discovery stats max-bit-rate top-n 10

GigabitEthernet0/1
                    Input                    Output
                    -----                    ------
Protocol            30sec Max Bit Rate (bps) 30sec Max Bit Rate (bps)
------------------- ------------------------ ------------------------
http                6156000                  34987000
gnutella            4904000                  9337000
edonkey             10016000                 2278000
bittorrent          3004000                  8157000
rtp                 1503000                  4835000
skype               873000                   5415000
nntp                135000                   4005000
ftp                 625000                   3292000
secure-http         952000                   2483000
rtcp                488000                   2823000
unknown             43234000                 10981000
Total               83515000                 124783000