[nsp] NBAR, Gnutella and 'match protocol http url'

Matt Stevens matt at elevate.org
Wed Jun 25 13:52:15 EDT 2003


I'm doing some testing with NBAR - with the main goal of policing Fasttrack and
Gnutella based P2P traffic.

It seems that the Kazaa2 PDLM does a pretty good job of recognizing
Kazaa/Fasttrack and allowing it to be controlled. The Gnutella-based traffic, on
the other hand, seems to be relatively unaffected. The Gnutella PDLM seems to be
port-based and not able to track the connections when they use non-standard
ports.

In the same vein, trying to match Gnutella traffic using 'match protocol http
url' statements seems to have no effect, since matching URLs also seems
confined to traffic on port 80.

Is this what others have experienced as well?

The testing I'm doing is on a 2621 running 12.2(11)T8 with the kazaa2 PDLM added
- since that's all that will fit in 64M RAM/16M Flash. Eventually this will be
deployed on 7206VXRs. Have the PDLMs been improved any in newer releases, or
am I seeing pretty much what one would expect?

Thanks for any insight you all can lend.
--
matt
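As an added illustration (not part of Matt's post or any Cisco documentation), the shape of the NBAR policing configuration the post describes, in 12.2T-era IOS syntax. The PDLM path, the extra Gnutella ports and the policing rates are assumed values; the `ip nbar port-map` line is the knob that widens the port-based Gnutella PDLM to more ports, which is why it does not fix the non-standard-port problem reported above.

```cisco
! Load the Kazaa2 PDLM from flash (file name assumed; use whatever was copied there)
ip nbar pdlm flash:kazaa2.pdlm
!
! The Gnutella PDLM classifies by port. Adding ports to its port map (example
! values) makes NBAR inspect those sockets too, but a client on an arbitrary
! port still slips past a port-based match.
ip nbar port-map gnutella tcp 6346 6347 6348 6349
!
class-map match-any p2p
 match protocol kazaa2
 match protocol gnutella
 ! URL matches only apply to flows NBAR already classifies as HTTP (port 80),
 ! so these catch Gnutella download requests on port 80 only. The two URL
 ! shapes are the classic Gnutella "/get/<index>/<file>" fetch and the
 ! HUGE "/uri-res/N2R" URN lookup; '*' is the NBAR wildcard.
 match protocol http url "*/get/*"
 match protocol http url "*/uri-res/N2R*"
!
policy-map police-p2p
 class p2p
  ! Rate and burst are example values: 128 kbit/s, 16000-byte burst
  police 128000 16000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
 service-policy input police-p2p
 service-policy output police-p2p
```

`show ip nbar protocol-discovery` on the interface shows which of these classes is actually seeing traffic, which is the quickest way to confirm whether Gnutella on non-standard ports is being classified at all.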