What can I use to classify traffic- Traffic Direction
- Protocol –IP, IPX, DECnet, IGMP etc.
- Port Source, Destination or either
- Special Ports for packet fragments, SYN set, ACK set, connects (SYN set & ACK not set) and all IP.
- IP Address or subnet. Source or Destination Address or both
- P2P protocol – Gnutella, Morpheus, Kazar etc.
- VLAN discovery
- Diffserve Tags
- MAC Address. Source or Destination Address or both
- MAC Protocol
- Virtual Host Name Address
- URL sub-string or domain
