Revision as of 11:08, 10 July 2009 edit 161.58.86.196 (talk) marking trust boundry ← Previous edit		Revision as of 10:10, 10 November 2009 edit undo Etychon (talk \| contribs) 8 edits No edit summary Next edit →
Line 1: {{Orphan\|date=May 2008}} '''Network Based Application Recognition''' (NBAR)<ref>[http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm NBAR defined at Cisco website]</ref> is the mechanism used by some [[Cisco]] [[router]]s and [[Network switch\|switches]] to recognize a dataflow by ~~the~~inspecting ~~first~~some [[packet (information technology)\|~~packet~~packets]] sent. The [[Computer network\|networking]] equipment which uses NBAR does a [[deep packet inspection]] on ~~the~~some ~~first~~of ~~packet~~the packets in a dataflow, to determine which traffic category the flow belongs to. ItUsed in conjunction with other features, it may then ~~programs~~program the internal [[ASIC]]s to handle this flow appropriately. The categorization ismay ~~usually~~be done with [[OSI layer 4]] info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging <ref>[http://en.wikipedia.org/wiki/BitTorrent_protocol_encryption BitTorrent Encryption and Obfuscation]</ref>. The NBAR approach is useful in dealing with malicious [[software]] using known [[TCP and UDP port\|ports]] to fake being "priority traffic", as well as non-standard applications using dynamic ports.<ref>''[http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Using Network-Based Application Recognition and ACLs] for Blocking the "Code Red" Worm'', Cisco.</ref> That's why NBAR is also known as [[OSI layer 7]] categorization.

Network Based Application Recognition: Difference between revisions