Network Based Application Recognition
   HOME

TheInfoList



Click Here for Items Related To - Network Based Application Recognition
OR:
Network Based Application Recognition on:   [Wikipedia]   [Google]   [Amazon]

Network Based Application Recognition (NBAR) is the mechanism used by some
Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...
routers and
switches In electrical engineering, a switch is an electrical component that can disconnect or connect the conducting path in an electrical circuit, interrupting the electric current or diverting it from one conductor to another. The most common type of ...
to recognize a
dataflow In computing, dataflow is a broad concept, which has various meanings depending on the application and context. In the context of software architecture, data flow relates to stream processing or reactive programming. Software architecture Dataf ...
by inspecting some packets sent. The networking equipment which uses NBAR does a
deep packet inspection Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly. Deep packet inspection is oft ...
on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal
application-specific integrated circuits An application-specific integrated circuit (ASIC ) is an integrated circuit (IC) chip customized for a particular use, rather than intended for general-purpose use, such as a chip designed to run in a digital voice recorder or a high-efficie ...
(ASICs) to handle this flow appropriately. The categorization may be done with Open Systems Interconnection (OSI) layer 4 info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging. The NBAR approach is useful in dealing with malicious
software Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consists ...
using known
ports A port is a maritime facility comprising one or more wharves or loading areas, where ships load and discharge cargo and passengers. Although usually situated on a sea coast or estuary, ports can also be found far inland, such as Ham ...
to fake being "priority traffic", as well as non-standard applications using dynamic ports.
Using Network-Based Application Recognition and ACLs
for Blocking the "Code Red" Worm'', Cisco. That's why NBAR is also known as OSI layer 7 categorization. On Cisco routers, NBAR is mainly used for
quality of service Quality of service (QoS) is the description or measurement of the overall performance of a service, such as a telephony or computer network, or a cloud computing service, particularly the performance seen by the users of the network. To quantitat ...
and
network security Network security consists of the policies, policies, processes and practices adopted to prevent, detect and monitor unauthorized access, Abuse, misuse, modification, or denial of a computer network and network-accessible resources. Network securi ...
purposes.


References


External links


''Network Based Application Recognition: RTP Payload Classification''
Cisco.
''Block P2P Traffic on a Cisco IOS Router using NBAR Configuration Example''
Cisco. Computer network security {{compu-network-stub