Yeah, and your timeouts have a pretty significant impact as well. What are you using?
On 7/14/05 11:08 AM, "Jay A. Kreibich" <[EMAIL PROTECTED]> wrote: > On Thu, Jul 14, 2005 at 04:28:14PM +0200, Peter Valdemar M?rch scratched on > the wall: >> Here in our little office, we're seeing about 800 flows / person / hour. >> Half of us are rather techy, while the rest are non-technical office staff. >> >> Are these figures typcial for what you guys are seeing in "office >> environments"? > > A quick look at our campus stats say 46 flows per "online host" (e.g. > an IP address that has done any out-bound traffic in the last minute) > per minute. That works out to about 2800 flows/host/hour. > > Of course, that's a self-enhanced number, since the average is per > "online host (minute)" (usually around 4000). If we look at per > "online host (day)", the numbers work out to more like > 500 flows/host/hour. > > Of course, many of these are student/lab machines, and are not being > used a large amount of the time. If you're in a business/work > environment, your flow rates are likely to be higher. Also, we're > only looking at our campus <-> Internet traffic, not our backbone > traffic. And to add a bit more mud to the picture, this is summer, > so our traffic is far from "normal" anyways. > > But 800 flows/person/hour can be 400 network transactions, which is > only like seven network transactions per minute. If you hit a new > web site with a typical browser, you're going to generate ~5 transactions, > or 10 flows: one DNS lookup, and four (typically) HTTP transactions. > So three or for page views per minute/host at a variety of websites > could easily add up to this. That still sounds a little high > (depends on your business, I guess) but if you add in mail and all > any auto-update stuff like stock tickers (the C*O guys love those > things), NTP updates many desktops auto configure and everything > else, that level of traffic is easy to imagine. > > Unless your company has strict rules about web access, and employees > have no "work related" reason to be using web or other online > resources, I wouldn't consider this level of flow traffic to be > unusual. > > (for anyone that cares: http://rogun.cites.uiuc.edu/top/ ) > > -j -- Adam Powers Director of Technology Lancope, Inc. c. 678.725.1028 f. 770.225.6501 e. [EMAIL PROTECTED] StealthWatch by Lancope - Security Through Network Intelligence _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
