Network Based Application Recognition: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 04:14, 2 August 2010 edit Agradman (talk \| contribs) Autopatrolled, Extended confirmed users, Pending changes reviewers 8,990 edits m moved NBAR to Network Based Application Recognition: making room for Nonbinding allocation of responsibility ← Previous edit		Latest revision as of 13:04, 15 April 2025 edit undo Aoidh (talk \| contribs) Autopatrolled, Checkusers, Oversighters, Administrators 59,283 edits Undid revision 1285706095 by Mike Holand102 (talk) Refspam Tag: Undo
(9 intermediate revisions by 9 users not shown)
Line 1: '''Network Based Application Recognition''' (NBAR)<ref>[https://web.archive.org/web/20050924161229/http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm NBAR defined at Cisco website]</ref> is the mechanism used by some [[Cisco]] [[Router (computing)\|router]]s and [[Network switch\|switches]] to recognize a [[Traffic_flow_(computer_networking)\|dataflow]] by inspecting some [[packet (information technology)\|packets]] sent.▼ ~~{{Orphan\|date=May 2008}}~~ The [[Computer network\|networking]] equipment which uses NBAR does a [[deep packet inspection]] on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal [[~~ASIC~~application-specific integrated circuits]]s (ASICs) to handle this flow appropriately. The categorization may be done with [[Application_layer\|Open Systems Interconnection (OSI) layer 4]] info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging .<ref>[[BitTorrent protocol encryption\|BitTorrent Encryption and Obfuscation]]</ref>.▼ ▲'''Network Based Application Recognition''' (NBAR)<ref>[http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm NBAR defined at Cisco website]</ref> is the mechanism used by some [[Cisco]] [[router]]s and [[Network switch\|switches]] to recognize a dataflow by inspecting some [[packet (information technology)\|packets]] sent. ▲The [[Computer network\|networking]] equipment which uses NBAR does a [[deep packet inspection]] on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal [[ASIC]]s to handle this flow appropriately. The categorization may be done with [[OSI layer 4]] info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging <ref>[[BitTorrent protocol encryption\|BitTorrent Encryption and Obfuscation]]</ref>. The NBAR approach is useful in dealing with malicious [[software]] using known [[TCP and UDP port\|ports]] to fake being "priority traffic", as well as non-standard applications using dynamic ports.<ref>''[http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Using Network-Based Application Recognition and ACLs] for Blocking the "Code Red" Worm'', Cisco.</ref> That's why NBAR is also known as [[OSI layer 7]] categorization. On Cisco routers, NBAR is mainly used for [[~~Quality~~quality of ~~Service~~service]] and [[~~Security~~network security]] purposes. ==References== Line 15 ⟶ 13: [http://whitepapers.zdnet.co.uk/0,39025945,60105500p-39000590q,00.htm ''Network Based Application Recognition: RTP Payload Classification''], Cisco. [http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080ac3082.shtml ''Block P2P Traffic on a Cisco IOS Router using NBAR Configuration Example''], Cisco. [[Category:Computer network security]] {{compu-network-stub}}▼ ~~[[ru:Network Based Application Recognition]]~~ ▲{{compu-network-stub}}