Will NBAR with the latest pdlm be capable of recognizing traffic on port 80 that is p2p like Kazaa and differentiate between that and HTTP? In other words, can I rate limit and/or drop P2P applications functioning on port 80 and not affect HTTP? Most documentation suggests "deep packet inspection" and recognizing statefulness, but I was curious if anyone knows if this is reliable.
Most of the control traffic is encrypted except for the ones that go over the regular http port 80. Most of the bandwidth hog is the data traffic and not the control traffic. The Kazaa2 pdlm classifies the traffic by looking for a Kazaa-specific string within the Kazaa Data Traffic - regardless of the port number used.
Here is a sample config:
match protocol http url *topsearch* - for the control traffic on port 80
match protocol http host www.cms1.net - control traffic on port 80
match protocol http host *kazaa* - control traffic on port 80
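An added example, not part of the original reply: the match statements above placed in a complete IOS class-map and policy-map that rate limits Kazaa while ordinary HTTP on port 80 falls through to class-default. The names P2P-KAZAA and LIMIT-P2P, the PDLM file path, the interface and the 64 kbps rate are assumptions.

```cisco
! Added example. Class/policy names, PDLM path, interface and rate are assumptions.
! NBAR requires CEF.
ip cef
! Load the Kazaa2 PDLM (placeholder path; use wherever the file was copied).
ip nbar pdlm flash://kazaa2.pdlm
!
! match-any: a packet belongs to the class if ANY statement matches.
! kazaa2 covers the data traffic (payload signature, any port);
! the three http matches cover the control traffic on port 80.
class-map match-any P2P-KAZAA
 match protocol kazaa2
 match protocol http url *topsearch*
 match protocol http host www.cms1.net
 match protocol http host *kazaa*
!
! Police the P2P class to 64 kbps and drop the excess.
! HTTP that matches none of the statements lands in the implicit
! class-default and is forwarded unchanged.
policy-map LIMIT-P2P
 class P2P-KAZAA
  police 64000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
 service-policy input LIMIT-P2P
 service-policy output LIMIT-P2P
!
! To check what is actually being classified, compare the per-class
! packet counters in: show policy-map interface FastEthernet0/0
```

Watching the P2P-KAZAA and class-default counters while generating known web traffic is a practical way to judge how reliably the classification separates the two.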