cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
477
Views
0
Helpful
2
Replies

NBAR doesn'r recognize Kazaa

p-tanjevic
Level 1
Level 1

Hi here is the config on my Cisco 3640 [IOS Version 12.2(19)]

*****************************************

class-map match-any p2p

match protocol kazaa2

match protocol fasttrack

match protocol napster

match protocol gnutella

match protocol http url "\.hash=*"

!

!

policy-map Halt

class p2p

police 8000 1000 1000 conform-action drop exceed-action drop

interface FastEthernet0/1

.

.

service-policy input Halt

*****************************************

I have Kazaa Lite on my PC and I can downlaod files without any problems.

Here is the output from 3640:

#sh policy-map interface fa0/1

FastEthernet0/1

Service-policy input: Halt

Class-map: p2p (match-any)

11964 packets, 741768 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: protocol kazaa2

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol fasttrack

11907 packets, 738234 bytes

5 minute rate 0 bps

Match: protocol napster

12 packets, 744 bytes

5 minute rate 0 bps

Match: protocol gnutella

45 packets, 2790 bytes

5 minute rate 0 bps

Match: protocol http url "\.hash=*"

0 packets, 0 bytes

5 minute rate 0 bps

police:

8000 bps, 1000 limit

conformed 11842 packets, 734204 bytes; action: drop

exceeded 122 packets, 7564 bytes; action: drop

conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)

3433202 packets, 1076270527 bytes

5 minute offered rate 170000 bps, drop rate 0 bps

Match: any

Any solution?

Thanks in advance,

2 Replies 2

Hello,

what happens when you include the following two lines in your class:

match protocol fasttrack file-transfer "*"

match protocol gnutella file-transfer "*"

Regards,

GP

george.goebel
Level 1
Level 1

That's because the pdlm files are not being updated to stop the new versions of these P2P fileshare programs. Kazaa lite, Imesh, newer versions of Gnutella and its variations are getting through undetected. I opened a case with Cisco TAC about this. What I was told is that Cisco has no plans to update the pdlms to stop Imesh etc. Their reason, "Not enough customer demand." I do see where they staged a pdlm for eDonkey, but the Kazaa2.pdlm date stamped 2/14 is the same pdlm I downloaded back on 10/2003. In the Cisco line of thinking concerning this problem, initially there was customer demand and a need to stop this threat, but now there is no more demand and no threat. Good Grief. What BS.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: