Network Based Application Recognition
Network Based Application Recognition (NBAR)[1] is the mechanism used to recognize a dataflow by inspecting the first packet sent.
The networking equipment which uses NBAR does a deep packet inspection on the first packet in a dataflow to determine which traffic category the flow belongs to. It then programs the internal ASICs to handle this flow appropriately. Traffic categorization is usually done with OSI layer 4 information, but new applications have made it difficult to rely on this kind of tagging.
The NBAR approach is useful in dealing with malicious software that uses known ports to pose as "priority traffic", as well as non-standard applications that use dynamic ports.[2] That is why NBAR is also known as OSI layer 7 categorization.
On Cisco routers, NBAR is mainly used for Quality of Service and Security purposes.
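The contrast between port-based (layer 4) and payload-based (layer 7) categorization of a flow's first packet can be shown in a few lines of Python. This is an added example, not Cisco's implementation: the port map, the payload patterns, the `FlowTable` class and the sample flows are all constructed for illustration.

```python
import re

# Layer 4 view: destination port -> application (assumed mapping for this example).
PORT_MAP = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

# Layer 7 view: patterns for the first payload bytes of a flow.
# Illustrative patterns, not Cisco's protocol definitions.
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),  # ClientHello record
    ("smtp", re.compile(rb"^(EHLO|HELO) ")),
]

def classify_l7(payload):
    """Return the name of the first matching signature, else 'unknown'."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return "unknown"

class FlowTable:
    """Inspects only the first packet of a flow; later packets reuse the verdict."""
    def __init__(self):
        self.flows = {}
        self.inspected = 0

    def handle(self, flow, payload):
        # flow = (src_ip, src_port, dst_ip, dst_port, proto)
        if flow not in self.flows:
            self.inspected += 1
            l4 = PORT_MAP.get(flow[3], "unknown")
            l7 = classify_l7(payload)
            self.flows[flow] = {
                "l4": l4, "l7": l7,
                "app": l7 if l7 != "unknown" else l4,
                # Port and payload both recognised but disagreeing is worth an alert.
                "mismatch": "unknown" not in (l4, l7) and l4 != l7,
            }
        return self.flows[flow]

if __name__ == "__main__":
    table = FlowTable()
    # Constructed first packets (documentation addresses, invented payloads).
    samples = [
        (("198.51.100.7", 40001, "192.0.2.10", 80, "tcp"), b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        (("198.51.100.7", 40002, "192.0.2.10", 80, "tcp"), b"SSH-2.0-OpenSSH_9.6\r\n"),
        (("198.51.100.7", 40003, "192.0.2.10", 49152, "tcp"), b"POST /api HTTP/1.1\r\n\r\n"),
    ]
    for flow, payload in samples:
        print(flow[3], table.handle(flow, payload))
```

The second sample is the case a port-only classifier misses: the port says HTTP while the payload is an SSH banner. The third is HTTP on a dynamic port that the port map does not know.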
References
- [1] NBAR defined at Cisco website
- [2] Using Network-Based Application Recognition and ACLs for Blocking the "Code Red" Worm, Cisco.