Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
226
Views
0
Helpful
1
Replies

NBAR port 80 P2P

jmessina
Level 1
Level 1

‎12-24-2002 05:18 AM - edited ‎03-09-2019 01:29 AM

Will NBAR with the latest pdlm be capable of recognizing traffic on port 80 that is p2p like kazAa and differentiate between that and HTTP?. In other words can I rate limit and/or Drop P2P applications functioning on port 80 and not effect HTTP? Most documnetation suggests "deep packet inspection" and recognizing statefulness but i was curious if anyone knows if this is reliable.

Thank you for any feedback.

Labels:
0 Helpful
1 Reply 1

j-block
Level 4
Level 4

‎12-31-2002 12:51 PM

Most of the control traffic is encrypted except for the ones that go over the regular http port 80. Most of the bandwidth hog is the data traffic and not the control traffic. The Kazaa2 pdlm classifies the traffic by looking for a Kazaa specific string within the Kazaa Data Traffic - regardless of the port number used.

Here is a sample config:

match protocol http url *topsearch* - for the control traffic on port 80

match protocol http host www.cms1.net - control traffic on port 80

match protocol http host *kazaa* - control traffic on port 80

match protocol kazaa2 - data traffic

match protocol fasttrack - data traffic

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents