Network Based Application Recognition (NBAR)[1] is the mechanism used by
some Cisco routers and switches to recognie a data!ow by inspecting some
packets sent" #he networking e$uipment which uses NBAR does a deep packet inspection on some o% the packets in a data!ow& to determine which tra'c category the !ow belongs to" (sed in con)unction with other %eatures& it may then program the internal A*+Cs to handle this !ow appropriately" #he categoriation may be done with ,*+ layer - in%o& packet content& signaling& and so on but some new applications ha.e made it di'cult on purpose to cling to this kind o% tagging [/]" #he NBAR approach is use%ul in dealing with malicious so%tware using known ports to %ake being 0priority tra'c0& as well as non1standard applications using dynamic ports"[2] #hat3s why NBAR is also known as ,*+ layer 4 categoriation" ,n Cisco routers& NBAR is mainly used %or 5uality o% *er.ice and *ecurity purposes"