Network Based Application Recognition
Available in Cisco networking equipment (maybe in other companies' equipment too, but I don't know other equipment and it will surely have another name.. sorry).
It is the mechanism to recognize a dataflow by the first packet sent. (IMHO)
AFAIK the networking equipment takes a close look at the first packet of each dataflow (IP connection etc.) and decides what to do with the packet and all other packets of the flow. Then it programs the internal ASICs to handle this flow appropriately. Usually the categorisation is done with OSI layer 4 info at most (IP protocol and port), but new applications have made it difficult to cling to this kind of tagging.
Malicious software using known ports to fake being "priority traffic" (such as TCP port 80 for HTTP) or non-standard apps using non-deterministic ports have made the NBAR approach useful.
The networking equipment does a deep packet inspection on the first packet to determine the traffic category the packet belongs to, using an NBAR profile. Based on this category the complete flow can be put into low or high priority classes and thus assigned to queues.
Don't beat me up if this is wrong.
more info at CCO: http://www.cisco.com
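The difference between port-based tagging and first-packet payload inspection described above, as an added Python sketch (not Cisco code and not part of the original write-up). The signatures, the priority policy and the sample payloads are constructed for illustration, and the first payload-carrying packet stands in for the "first packet".

```python
# Added illustration: port-only (layer 4) classification next to
# first-packet payload inspection. Signatures, class names and sample
# payloads are constructed for this example, not taken from Cisco NBAR.
import re

PORT_CLASSES = {80: "http", 443: "tls", 22: "ssh"}   # layer-4 view
PAYLOAD_SIGNATURES = [                               # simplified "profile"
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),  # ClientHello record
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
]
PRIORITY = {"http": "high", "tls": "high", "ssh": "high"}  # assumed policy

def classify_by_port(dst_port):
    return PORT_CLASSES.get(dst_port, "unknown")

def classify_by_payload(payload):
    for name, sig in PAYLOAD_SIGNATURES:
        if sig.match(payload):
            return name
    return "unknown"

class FlowTable:
    """Inspect the first data packet of a flow, cache the verdict for the rest."""
    def __init__(self):
        self.flows = {}
        self.inspections = 0

    def queue_for(self, five_tuple, payload):
        if five_tuple not in self.flows:      # only the first packet is inspected
            self.inspections += 1
            app = classify_by_payload(payload)
            self.flows[five_tuple] = PRIORITY.get(app, "low")
        return self.flows[five_tuple]

    def port_mismatch(self, five_tuple, payload):
        """True when the port claims one application and the payload shows another."""
        claimed = classify_by_port(five_tuple[3])
        return claimed != "unknown" and claimed != classify_by_payload(payload)

# Constructed sample flows: ((src, sport, dst, dport, proto), first payload)
WEB = (("10.0.0.5", 40001, "192.0.2.10", 80, "tcp"),
       b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
P2P_ON_80 = (("10.0.0.6", 40002, "192.0.2.20", 80, "tcp"),
             b"\x13BitTorrent protocol" + b"\x00" * 8)
HTTP_ON_8081 = (("10.0.0.7", 40003, "192.0.2.30", 8081, "tcp"),
                b"POST /api HTTP/1.1\r\nHost: example.test\r\n\r\n")
```

A flow whose `port_mismatch` is true is worth logging as well as de-prioritising, since traffic on port 80 that is not HTTP is exactly the "faked priority traffic" case.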