Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
588
Views
0
Helpful
2
Replies

NBAR false positives?

jkeeffe
Level 2
Level 2

‎07-11-2008 09:58 AM - edited ‎03-09-2019 09:04 PM

Nbar protocol discovery in a 7206 router shows traffic in the winmx and eDonkey class. Before I raise to much of a fuss with users I need to make sure that this isn't a false positive. Does NBAR only match on tcp/udp ports for these two applications, or does it do deeper inspection and match on other patterns?

I just want to make sure that other applications aren't using the eDonkey and winmax ports.

Labels:
0 Helpful
2 Replies 2

a.alekseev
Level 7
Level 7

‎07-11-2008 12:49 PM

I had an issue with NBAR and winmx.

Some traffic, which was not really wimux, was classified as winmx.

0 Helpful

vcarbonaro
Level 1
Level 1
In response to a.alekseev

‎07-16-2008 05:57 PM

I'm having this issue now. NBAR shows lot of traffic as winmx, but there's no match on TCP port 6699, as the NBAR port-map shows. What did you use to identify this traffic?

0 Helpful
Customers Also Viewed These Support Documents