Anyine using the "ip nbar protocol-discovery" option?

Unanswered Question
Oct 16th, 2007


On my Cisco 877 router (running in VPN mode) I have the ip nbar protocol-discovery enabled on the VLAN 1 interface. I also have Netflow on a local PC. When I run "show ip nbar protocol-discovery interface vlan 1" it shows that edonkey and skype are running through the interface!

I'm not sure how long the data is kept on the router or if it's refreshed every few minutes, but I have just run it when only 4 IP printers and 1 laptop are on the network and these 2 apps are running apparently. I have checked the laptop and can't find the P2P edonkey app or Skype app. Why is it shwing up as nbar is deep packet inspection?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
royalblues Mon, 10/22/2007 - 23:23

Once a protcol is found by NBAR, it shows the byte/packet counter that is matched against this.

I do not of the vaild aging time for these statistics but for testing you can clear the NBAR statistics and confirm whether the protocol is being discovered again. This can be done by using the following command clear ip nbar protocol-discovery

Also disabling and enabling ip nbar protocol-discovery will flush all the counters




This Discussion