Network Based Application Recognition (NBAR)[1] is the mechanism used by

some Cisco routers and switches to recognie a data!ow by inspecting some

packets sent"
#he networking e$uipment which uses NBAR does a deep packet inspection
on some o% the packets in a data!ow& to determine which tra'c category the
!ow belongs to" (sed in con)unction with other %eatures& it may then program
the internal A*+Cs to handle this !ow appropriately" #he categoriation may
be done with ,*+ layer - in%o& packet content& signaling& and so on but some
new applications ha.e made it di'cult on purpose to cling to this kind o%
tagging [/]"
#he NBAR approach is use%ul in dealing with malicious so%tware using known
ports to %ake being 0priority tra'c0& as well as non1standard applications
using dynamic ports"[2] #hat3s why NBAR is also known as ,*+ layer 4
categoriation"
,n Cisco routers& NBAR is mainly used %or 5uality o% *er.ice and *ecurity
purposes"