Re: Traffic identification in Citrix Session- Urgent

dpopli · ‎12-19-2006

I am looking for clarification on the type of traffic generated by Citrix sessions, particularly when copying a file during the Citrix session.

I understand the Citrix ICA port 1494 and a negotiated high port 1023-65534 will be used for the traffic between the client and the server. However what happens when a file is copied to the local workstation through a Citrix session? Does this generate CIFS (NetBIOS 137 138 and 139 ports) or is the data transfer encrypted within the Citrix protocol.

I am using Packeteer that detects CIFS traffic coming from the Citrix server, however when I capture this traffic using ethereal I can not see these ports (137 138 and 139).

This is important to me as I am using an MPLS wide area network and I place ICA traffic in a priority class of service. It appears to me that if a lot of file copying is being done from within the Citrix session to a local resource the file copy is included in my priority traffic. This is not what I want to achieve. I only want to prioritise ICA traffic.

Any opinions welcomed.

carenas123 · ‎12-26-2006

A common test setup was created for measuring NBAR performance on the selected platforms using the same test equipment and traffic load. The IXIA traffic generator was used to replicate real network traffic flows. These traffic flows were created by capturing actual client and server session traffic for a particular protocol. Once captured, the flows were replayed back on the test network via the IXIA devices. The Device Under Test (DUT) was subjected to the test traffic under four different scenarios-first a baseline test without NBAR enabled, then three performance tests with the NBAR features enabled in the following order-protocol discovery, match protocol, and both protocol discovery and match protocol.