Jump to content

Network Based Application Recognition

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 194.85.82.121 (talk) at 23:38, 2 December 2006 (link to ru:~). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Network Based Application Recognition (NBAR)[1] is the mechanism used to recognize a dataflow by the first packet sent.

The networking equipment which uses NBAR does a deep packet inspection on the first packet in a dataflow, to determine which traffic category the flow belongs to. It then programmes the internal ASICs to handle this flow appropriately. The categorisation is usually done with OSI-layer4 info, but new applications have made it difficult to cling to this kind of tagging.

The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard apps using non-determinaly ports.[2]

References

  1. ^ NBAR defined at Cisco website
  2. ^ Using Network-Based Application Recognition and ACLs for Blocking the "Code Red" Worm, Cisco.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Network_Based_Application_Recognition&oldid=91679495"