Revision as of 23:38, 2 December 2006 edit 194.85.82.121 (talk) link to ru:~ ← Previous edit		Revision as of 20:55, 15 February 2007 edit undo 80.229.12.101 (talk) No edit summary Next edit →
Line 1: '''Network Based Application Recognition''' (NBAR)<ref>[http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm NBAR defined at Cisco website]</ref> is the mechanism used to recognize a dataflow by the first [[packet]] sent. The [[Computer network\|networking]] equipment which uses NBAR does a [[deep packet inspection]] on the first packet in a dataflow, to determine which traffic category the flow belongs to. It then ~~programmes~~programs the internal [[ASIC]]s to handle this flow appropriately. The categorisation is usually done with [[OSI-layer4]] info, but new applications have made it difficult to cling to this kind of tagging. The NBAR approach is useful in dealing with malicious [[software]] using known [[TCP and UDP port\|ports]] to fake being "priority traffic", as well as non-standard apps using non-determinaly ports.<ref>''[http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Using Network-Based Application Recognition and ACLs] for Blocking the "Code Red" Worm'', Cisco.</ref>

Network Based Application Recognition: Difference between revisions