Network Based Application Recognition: Difference between revisions

Content deleted Content added

Inline

Revision as of 08:08, 15 April 2025

Network Based Application Recognition (NBAR)^[1] is the mechanism used by some Cisco routers and switches to recognize a dataflow by inspecting some packets sent.

The networking equipment which uses NBAR does a deep packet inspection on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal application-specific integrated circuits (ASICs) to handle this flow appropriately. The categorization may be done with Open Systems Interconnection (OSI) layer 4 info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging.^[2]

The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using dynamic ports.^[3] That's why NBAR is also known as OSI layer 7 categorization.Hence, NBAR is often included in cybersecurity awareness training^[4] to spot traffic evasion.

On Cisco routers, NBAR is mainly used for quality of service and network security purposes.

References

^ NBAR defined at Cisco website
^ BitTorrent Encryption and Obfuscation
^ Using Network-Based Application Recognition and ACLs for Blocking the "Code Red" Worm, Cisco.
^ cybersecurity awareness training

External links

This computer networking article is a stub. You can help Wikipedia by expanding it.

[1] NBAR defined at Cisco website

[2] BitTorrent Encryption and Obfuscation

[3] Using Network-Based Application Recognition and ACLs for Blocking the "Code Red" Worm, Cisco.

[4] ybersecurity awareness training

[1]

[2]

[3]

[4]

@@ Line 3: / Line 3: @@
 The [[Computer network|networking]] equipment which uses NBAR does a [[deep packet inspection]] on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal [[application-specific integrated circuits]] (ASICs) to handle this flow appropriately. The categorization may be done with [[Application_layer|Open Systems Interconnection (OSI) layer 4]] info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging.<ref>[[BitTorrent protocol encryption|BitTorrent Encryption and Obfuscation]]</ref>
-The NBAR approach is useful in dealing with malicious [[software]] using known [[TCP and UDP port|ports]] to fake being "priority traffic", as well as non-standard applications using dynamic ports.<ref>''[http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Using Network-Based Application Recognition and ACLs] for Blocking the "Code Red" Worm'', Cisco.</ref> That's why NBAR is also known as [[OSI layer 7]] categorization.
+The NBAR approach is useful in dealing with malicious [[software]] using known [[TCP and UDP port|ports]] to fake being "priority traffic", as well as non-standard applications using dynamic ports.<ref>''[http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Using Network-Based Application Recognition and ACLs] for Blocking the "Code Red" Worm'', Cisco.</ref> That's why NBAR is also known as [[OSI layer 7]] categorization.Hence, NBAR is often included in cybersecurity awareness training<ref>[https://cyber-rebels.co.uk cybersecurity awareness training]</ref> to spot traffic evasion.
 On Cisco routers, NBAR is mainly used for [[quality of service]] and [[network security]] purposes.