We recently installed a fancy new 3com switch (with QoS) in the center of a star topology of dumb switches. About the same time our internet connection was brought to a screeching halt. We figured out the online radios and video streams from you tube and others killed our T1 because of QoS. I've disabled QoS since, and am playing around with the WireShark. I am not looking to block ports, sites or users - thats one can of worms I'd rather avoid (and those are too easy to bypass anyway). I am looking for a way to limit all the audio/video streaming traffic from all users to a set maximum bandwith, so they only crowd out each other's stream, and not the legit traffic, or assign a lower priority weight to it. We do have a couple NEC IP phones that we hardly use. Can I do something with ACLs or QoS/CoS about that.
In case that is not possible if I need to filter them how can I identify audio/video streams/packets? It seems like most are using port 80 and show as http on the wireshark. Where can I find the DCSP values for voip frames and youtube streams and online radio streams.