I am looking for clarification on the type of traffic generated by Citrix sessions, particularly when copying a file during the Citrix session.
I understand the Citrix ICA port 1494 and a negotiated high port 1023-65534 will be used for the traffic between the client and the server. However what happens when a file is copied to the local workstation through a Citrix session? Does this generate CIFS (NetBIOS 137 138 and 139 ports) or is the data transfer encrypted within the Citrix protocol.
I am using Packeteer that detects CIFS traffic coming from the Citrix server, however when I capture this traffic using ethereal I can not see these ports (137 138 and 139).
This is important to me as I am using an MPLS wide area network and I place ICA traffic in a priority class of service. It appears to me that if a lot of file copying is being done from within the Citrix session to a local resource the file copy is included in my priority traffic. This is not what I want to achieve. I only want to prioritise ICA traffic.
Any opinions welcomed.