This capability is called subport classification. NBAR looks into the TCP/UDP payload and
classifies packets on the basis of the content within the payload, such as transaction identifier, message type, or
other similar data.
NBAR classifies the following three types of protocols:
TCP and UDP protocols that use statically assigned port numbers
TCP and UDP protocols that use dynamically assigned port numbers, requiring stateful inspection
Non-TCP and non-UDP IP protocols such as IPsec (ESP/AH) or ICMP
Protocol Discovery
NBAR includes a special Protocol Discovery feature that provides an easy way to discover application protocols
traversing a network at any given time. Protocol Discovery can be applied to interfaces by using the ip nbar
protocol-discovery command under the interface configuration mode and can be used to monitor both input
and output traffic. The Protocol Discovery feature captures important per-protocol statistics supported by NBAR,
such as total number of input and output packets and bytes, and input and output bit rates. These statistics
assist in developing traffic classes and policies. The show ip nbar protocol-discovery command displays the
statistics for all interfaces on which Protocol Discovery is enabled.
Pages:
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383