NBAR false positives?

Jul 11th, 2008

NBAR protocol discovery in a 7206 router shows traffic in the winmx and eDonkey class. Before I raise too much of a fuss with users I need to make sure that this isn't a false positive. Does NBAR only match on TCP/UDP ports for these two applications, or does it do deeper inspection and match on other patterns?

I just want to make sure that other applications aren't using the eDonkey and winmx ports.

a.alekseev Fri, 07/11/2008 - 12:49

I had an issue with NBAR and winmx.

Some traffic, which was not really winmx, was classified as winmx.

vcarbonaro Wed, 07/16/2008 - 17:57

I'm having this issue now. NBAR shows a lot of traffic as winmx, but there's no match on TCP port 6699, as the NBAR port-map shows. What did you use to identify this traffic?

