|
I looked for some traffic stats in a real,
large enterprise network and I found that UDP comprises
25-30% vs. TCP 70-75% of all traffic. The stats were measured on
multiple places in the network, and multiple samples were taken over the past 6
weeks. Also, there is a slow but consistent growth of UDP
traffic over the past couple of years, pointing to a long term
trend.
IMHO heuristics would require more frequent
inspections than just the first few packets in a flow, and would require more
heuristics rules on a per app basis, instead of relying on fixed TCP immutable
fields.
|
