[cisco-voip] Nbar missing some RTP traffic
Ellington, Chris
Chris.Ellington at inin.com
Thu Apr 17 10:35:26 EDT 2008
Well, yes that is true - however you can pick a range of ports to match - I do it all of the time. Use an extended ACL to match by port range if you like. Much more granular than trying to use nbar
chris
-----Original Message-----
From: Jeffrey Ollie [mailto:jeff at ocjtech.us]
Sent: Thursday, April 17, 2008 10:30 AM
To: Ellington, Chris
Cc: Jorge L. Rodriguez Aguila; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Nbar missing some RTP traffic
On Thu, Apr 17, 2008 at 8:42 AM, Ellington, Chris
<Chris.Ellington at inin.com> wrote:
> Why not just pick the exact traffic you are looking to match and match
> it? Don't worry about nbar messing it up - just grab the ports you're
> seeking and mark as such?
Because RTP traffic doesn't use a single UDP port. The phone (or
CallManager, the router, or whatever) picks a UDP port number at
random and sends that information to the other side via the signalling
protocol (SIP, H.323, SCCP, etc.).
Jeff
More information about the cisco-voip
mailing list