NBAR
Dear Joseph,
It would be great if you could share your NBAR configuration with comments and the complex policy map through which you are allowing people to bypass it, because I was also thinking of deploying it, keeping in mind the financial reason for most of my clients.
With regards,
Sarfaraz Muneer
On Tue, Feb 26, 2008 at 8:40 PM, Joseph Brunner wrote:
> Sure let me know if I can help you with the config.
>
> I have lots of clients who won't pony up any more money than the 2800 router,
> so it HAS to do all this.
>
> In particular I even made a complex policy map that allowed several people
> to bypass the filters, etc.
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Rik Guyler
> Sent: Tuesday, February 26, 2008 11:38 AM
> To: 'Joseph Brunner'; 'Cisco certification'
> Subject: RE: NBAR
>
> Thanks Joe. I thought this was likely the case. In my case it may come
> down to a financial decision but at least now I know it works reasonably
> well.
>
> Rik
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Joseph Brunner
> Sent: Tuesday, February 26, 2008 11:16 AM
> To: 'Rik Guyler'; 'Cisco certification'
> Subject: RE: NBAR
>
> Nbar is a poor substitute for real good devices like packeteer and bluecoat
> proxy.
>
> Nbar will detect the obvious things and can block them (gnutella, bear share,
> morpheus, kazaa, edonkey etc).
>
> Most users nowadays though are smart enough to download programs that use
> tcp 80 for file sharing, etc. or just go to youtube/facebook.
>
> I haven’t had some time to try the latest mpf filters in the asa, but other
> than the Instant messenger filters, nothing so far looks that promising.
>
> Here is a real sh ip nbar protocol-discovery
>
> From a live router at a client site right now…
>
> As you can see it's detecting fasttrack, bittorrent, edonkey and others. So
> it's obviously able to recognize and detect some basic file sharing P2P
> apps…
>
> SRrouter#sh ip nbar protocol-discovery int f0/0
>
>  FastEthernet0/0
>                             Input                    Output
>                             -----                    ------
>    Protocol                 Packet Count             Packet Count
>                             Byte Count               Byte Count
>                             30sec Bit Rate (bps)     30sec Bit Rate (bps)
>                             30sec Max Bit Rate (bps) 30sec Max Bit Rate (bps)
>    ------------------------ ------------------------ ------------------------
>    ftp                      23355352                 10244065
>                             14161581292              1205691124
>                             0                        0
>                             16886000                 585000
>    netbios                  409458540                505148940
>                             48569461812              478814532535
>                             135000                   1359000
>                             1366000                  12600000
>    http                     65119549                 56399622
>                             22139281720              63477008815
>                             23000                    136000
>                             10398000                 945000
>    smtp                     7644343                  8091576
>                             5394775554               2888383117
>                             0                        0
>                             1517000                  777000
>    h323                     995898                   924739
>                             588102019                615130918
>                             0                        0
>                             1387000                  749000
>    tsrvrdp                  26349301                 17997409
>                             5727943240               1378155745
>                             5000                     2000
>                             1320000                  719000
>    gnutella                 14443247                 10265507
>                             14400366909              4181962675
>                             0                        15000
>                             1348000                  458000
>    skinny                   346703                   173793
>                             127191851                70396011
>                             0                        0
>                             991000                   742000
>    secure-http              21943241                 20155211
>                             4681916013               9496238851
>                             9000                     1000
>                             960000                   741000
>    pop3                     180882                   229431
>                             22341825                 126467337
>                             0                        0
>                             570000                   722000
>    nutellaudp               3332776                  2845122
>                             1831437279               217027572
>                             0                        0
>                             815000                   268000
>    rtp                      1150580                  1203771
>                             310974614                1326492967
>                             0                        0
>                             231000                   802000
>    novadigm                 387893                   218619
>                             213317089                116877218
>                             0                        0
>                             324000                   690000
>    pptp                     99920                    30127
>                             47082277                 30688423
>                             0                        0
>                             433000                   573000
>    nfs                      101829                   50509
>                             90246095                 33102067
>                             0                        0
>                             438000                   513000
>    mgcp                     210683                   105913
>                             110163332                83810979
>                             0                        0
>                             331000                   588000
>    notes                    68236                    33995
>                             32425427                 35201121
>                             0                        0
>                             454000                   359000
>    netshow                  87316                    76064
>                             34186209                 62262956
>                             0                        0
>                             513000                   241000
>    msnmessenger             307557                   225245
>                             63599676                 61364497
>                             0                        0
>                             122000                   589000
>    fasttrack                91728                    51227
>                             49635500                 50854658
>                             0                        0
>                             83000                    533000
>    edonkey                  1162870                  240950
>                             508758540                14159006
>                             0                        0
>                             567000                   23000
>    socks                    87804                    40865
>                             32490054                 24443258
>                             0                        0
>                             80000                    463000
>    sqlserver                1839080                  2341859
>                             158292984                232534620
>                             0                        0
>                             183000                   322000
>    rtsp                     79153                    53596
>                             10256756                 68207016
>                             0                        0
>                             20000                    443000
>    sqlnet                   65074                    28020
>                             30158192                 20963473
>                             0                        0
>                             54000                    325000
>    rtcp                     20684                    51209
>                             2684508                  13776242
>                             0                        0
>                             14000                    265000
>    ldap                     194699092                209600175
>                             106836308294             48885130573
>                             100000                   44000
>                             174000                   83000
>    printer                  571                      560
>                             34266                    802630
>                             0                        0
>                             8000                     167000
>    exchange                 663063                   767842
>                             311073646                133922293
>                             0                        0
>                             56000                    100000
>    vdolive                  41110                    13386
>                             50601006                 986168
>                             0                        0
>                             90000                    3000
>    dns                      2426291                  1178180
>                             192480030                158160902
>                             1000                     1000
>                             46000                    45000
>    kerberos                 508295                   506775
>                             657065906                696357765
>                             0                        0
>                             26000                    29000
>    xwindows                 2152                     838
>                             402144                   111336
>                             0                        0
>                             43000                    5000
>    bitttorrent              406                      749
>                             26340                    833329
>                             0                        0
>                             1000                     41000
>    icmp                     608591                   642688
>                             73946719                 48299756
>                             0                        0
>                             16000                    4000
>    aim                      2122                     1326
>                             311552                   312027
>                             0                        0
>                             1000                     10000
>    winmx                    232896                   28916
>                             15106868                 12210093
>                             0                        0
>                             6000                     3000
>    sip                      106                      104
>                             14686                    44854
>                             0                        0
>                             3000                     5000
>    gre                      0                        17558
>                             0                        25036360
>                             0                        0
>                             0                        6000
>    yahoomessenger           76640                    52880
>                             7829428                  5004672
>                             0                        0
>                             2000                     4000
>    dhcp                     68268                    0
>                             22705618                 0
>                             0                        0
>                             5000                     0
>    snmp                     394149                   42733
>                             47458028                 5393608
>                             0                        0
>                             2000                     2000
>    cuseeme                  435                      385
>                             72512                    147865
>                             0                        0
>                             1000                     3000
>    pcanywhere               104                      98
>                             11266                    18304
>                             0                        0
>                             0                        3000
>    rsvp                     289                      19
>                             352297                   2635
>                             0                        0
>                             1000                     0
>    citrix                   242                      18
>                             184053                   2236
>                             0                        0
>                             1000                     0
>    telnet                   72                       73
>                             6178                     5285
>                             0                        0
>                             1000                     0
>    eigrp                    0                        1514928
>                             0                        112104672
>                             0                        0
>                             0                        0
>    ntp                      3662                     2964
>                             359670                   296852
>                             0                        0
>                             0                        0
>    l2tp                     143                      6
>                             181500                   724
>                             0                        0
>                             0                        0
>    streamwork               128                      8
>                             161749                   1067
>                             0                        0
>                             0                        0
>    ssh                      217                      230
>                             13020                    15880
>                             0                        0
>                             0                        0
>    imap                     22                       9
>                             1776                     606
>                             0                        0
>                             0                        0
>    secure-pop3              15                       20
>                             910                      1120
>                             0                        0
>                             0                        0
>    nntp                     3                        3
>                             408                      1353
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Rik Guyler
> Sent: Tuesday, February 26, 2008 11:07 AM
> To: 'Cisco certification'
> Subject: NBAR
>
> Does anybody have any real-world experience with NBAR detecting peer-to-peer
> traffic? I’m considering using this in place of something like a Packeteer
> box but don’t know how the two would compare for this. The only real feel I
> have for NBAR is from a lab environment.
>
> Thanks,
>
> Rik
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
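
Added example, not part of the original thread and not anyone's production tooling: a small Python parser for the four-rows-per-protocol layout of the protocol-discovery output quoted above, reporting how many bytes NBAR attributed to file-sharing protocols. The P2P name set and the function names are assumptions made for this illustration.

```python
import re

# Protocol names treated as peer-to-peer (assumption; adjust to local policy).
P2P = {"gnutella", "fasttrack", "edonkey", "winmx", "bittorrent"}
FIELDS = ("packets", "bytes", "rate_bps", "max_rate_bps")
# A data row is two counters, optionally preceded by the protocol name.
ROW = re.compile(r"^(?:([a-z][\w-]*)\s+)?(\d+)\s+(\d+)\s*$")

# Rows copied from the output quoted in the thread; nntp is cut short there too.
SAMPLE = """\
> SRrouter#sh ip nbar protocol-discovery int f0/0
>    Protocol      Packet Count    Packet Count
>    http          65119549        56399622
>                  22139281720     63477008815
>                  23000           136000
>                  10398000        945000
>    gnutella      14443247        10265507
>                  14400366909     4181962675
>                  0               15000
>                  1348000         458000
>    edonkey       1162870         240950
>                  508758540       14159006
>                  0               0
>                  567000          23000
>    nntp          3               3
>                  408             1353
"""

def parse_discovery(text):
    """Return {protocol: {field: (input, output)}}, skipping header lines."""
    stats, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line.lstrip("> "))
        if not m:
            continue
        if m.group(1):                      # a name starts a new record
            current = stats.setdefault(m.group(1), {})
        if current is not None and len(current) < len(FIELDS):
            current[FIELDS[len(current)]] = (int(m.group(2)), int(m.group(3)))
    return stats

def p2p_report(stats):
    """Bytes (in + out) per P2P protocol and their share of classified bytes."""
    totals = {p: sum(f["bytes"]) for p, f in stats.items() if "bytes" in f}
    p2p = {p: b for p, b in totals.items() if p in P2P}
    return p2p, (sum(p2p.values()) / sum(totals.values()) if totals else 0.0)
```

File sharing that rides on tcp 80, as described in the thread, is counted under http, so the share returned here is a lower bound on actual P2P volume.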
























