[c-nsp] Cisco nbar - How to detect media streamings

Velasquez Venegas Jaime Omar jaime at ulima.edu.pe
Fri Jun 23 17:42:36 EDT 2006


Thank you Ray.
I've already configured nbar and I am aware of the protocols it can
detect. However, the problem is that 90% of the traffic from the Internet to
my LAN is HTTP. Obviously these are not web browsing; these are in great
part several other protocols embedded into http, such as downloading
from content delivery services for youtube (which makes blocking youtube
with a nbar http url *youtube* an ineffective measure), internet music radio
stations such as www.pandora.com, other p2p protocols running in
tcp/80.

Thank you anyways,



-----Original Message-----
From: Ray Burkholder [mailto:ray at oneunified.net] 
Sent: Viernes, 23 de Junio de 2006 02:14 p.m.
To: Velasquez Venegas Jaime Omar
Subject: RE: [c-nsp] Cisco nbar - How to detect media streamings

These are built in to a router:

  bgp            Border Gateway Protocol
  citrix         Citrix Systems ICA protocol
  cuseeme        CU-SeeMe desktop video conference
  custom-01      Custom protocol custom-01
  custom-02      Custom protocol custom-02
  custom-03      Custom protocol custom-03
  ...

  

Some additional pdlm's can be downloaded:

Bittorrent
Edonkey
Skype
Gnutella
Skype
Winmx
Kazaa2
Napster

You use nbar to filter the protocols requested.  You put the filters
into a class-map.  You then use a policy-map to shape the bandwidth
available.
You use a service-policy to assign the policy to an interface.

Your alternative is to use something like l7-filter with the p2p patch
add-on and mastershaper to create your own 'packeteer' like device.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Velasquez
Venegas Jaime Omar
Sent: Friday, June 23, 2006 16:42
To: Matt Stevens
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco nbar - How to detect media streamings

Hi Matt,

Thank you for replying. My goal is not to block p2p or streamings at all
but to limit the rate on bandwidth usage for those protocols.
Do you know any way to detect media streamings (such as youtube, yahoo
streamings, online radios) with Cisco nbar?
Some people point me to Packeteer as the right tool to address this
problem.


-----Original Message-----
From: Matt Stevens [mailto:matt at elevate.org]
Sent: Viernes, 23 de Junio de 2006 11:59 a.m.
To: Velasquez Venegas Jaime Omar
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco nbar - How to detect media streamings

Most of the newer P2P PDLM files will detect the protocol on any port.

They appear in the list as being bound to their well-known port(s), but
will detect traffic matching the signature on any port.
--
matt


Velasquez Venegas Jaime Omar wrote:
> Hi.
> 
> I am currently having a problem with traffic from internet to our lan 
> overloading bandwidth use percentage. Several captures of this traffic 
> reveal that this traffic is mainly http. Since it is very likely that 
> there are some other protocols embedded in these http sessions I have 
> been trying to use cisco nbar at the edge router to detect bittorrent 
> traffic, youtube video sessions and other different streamings such as
> windows media streamings and radio streamings.
> 
> I've found pdlms for bittorrent and other p2p protocols but it seems 
> cisco nbar must be bound to a range of protocols to detect it so I 
> can't bind bittorrent to tcp/80.
> 
> As for streaming, I've found no way to detect video streamings and yes
> I've tried http mime video or audio to no avail.
> 
> Can anyone help?
> 
> 
> Thanks!
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/






--
Scanned for viruses and dangerous content at http://www.oneunified.net
and is believed to be clean.
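
The class-map, policy-map and service-policy sequence described in Ray's reply above, written out as an added example that is not part of the original thread. The class and policy names, the 512 kbit/s rate, the PDLM file name and the interface name are assumptions chosen for illustration.

```cisco
! Added example, not from the thread. Names, rate, PDLM file name and
! interface are assumptions.

! Optional: load a downloaded PDLM (file name is a placeholder) so the
! protocol becomes available to "match protocol".
ip nbar pdlm flash://bittorrent.pdlm

! 1. class-map: the NBAR filters. match-any means traffic matching
!    any one of the lines falls into the class.
class-map match-any RATE-LIMITED
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2

! 2. policy-map: shape the class to 512 kbit/s (value in bits per
!    second). Traffic outside the class is left untouched.
policy-map LIMIT-P2P
 class RATE-LIMITED
  shape average 512000

! 3. service-policy: attach the policy to an interface. Shaping is an
!    output feature, so to limit Internet-to-LAN traffic the policy is
!    applied outbound on the LAN-facing interface.
interface FastEthernet0/1
 ip nbar protocol-discovery
 service-policy output LIMIT-P2P

! Checks after applying:
!  show policy-map interface FastEthernet0/1
!  show ip nbar protocol-discovery interface FastEthernet0/1
```

The per-class counters in `show policy-map interface` show whether NBAR is actually classifying traffic into RATE-LIMITED; a class that stays at zero packets while the link is saturated means the traffic is not matching any of the listed signatures.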


