'''Network Based Application Recognition''' (NBAR)<ref>[https://web.archive.org/web/20050924161229/http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm NBAR defined at Cisco website]</ref> is the mechanism used by some Cisco routers and switches to recognize a dataflow by inspecting some packets sent.

The networking equipment which uses NBAR does a deep packet inspection on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal application-specific integrated circuits (ASICs) to handle this flow appropriately. The categorization may be done with Open Systems Interconnection (OSI) layer 4 info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging.<ref>BitTorrent Encryption and Obfuscation</ref>

The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using dynamic ports.<ref>''[http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Using Network-Based Application Recognition and ACLs] for Blocking the "Code Red" Worm'', Cisco.</ref> That's why NBAR is also known as OSI layer 7 categorization.

On Cisco routers, NBAR is mainly used for quality of service and network security purposes.

==References== {{reflist}}

== External links == *[http://whitepapers.zdnet.co.uk/0,39025945,60105500p-39000590q,00.htm ''Network Based Application Recognition: RTP Payload Classification'']{{Dead link|date=September 2025 |bot=InternetArchiveBot |fix-attempted=yes }}, Cisco. *[http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080ac3082.shtml ''Block P2P Traffic on a Cisco IOS Router using NBAR Configuration Example''], Cisco.

Category:Computer network security

{{compu-network-stub}}