as, paas a pes spe e efa st t ed T'

About This Presentation

Title:

as, paas a pes spe e efa st t ed T'

Description:

Imesh. LimeWire. Morpheus. 8. ?e?t???????? ad??a ?e? d??t???. S? p??as a. ???a?a ?a? saf?? ? d??a?? ?ata?? ? d??t?a??? p???? eta?? efa? ???? ?a? ???st?? ... – PowerPoint PPT presentation

Number of Views:86

Avg rating:3.0/5.0

Slides: 33

Provided by: ciscoc

Category:

more less

Transcript and Presenter's Notes

Title: as, paas a pes spe e efa st t ed T'

1
?a????µ?s?, pa?a???????s? ?a? pe?????sµ??
???s?µ?p????µe??? e????? ????? efa?µ???? st?
???t?? ?ed?µ???? ??T.
??µ?t???? ? ?d?µ?? ???? ??T
107 NW98
2
Agenda

?e?t???????? ad??aµ?e? d??t???
??t?a
??a???µµata
Unknown traffic
S?µpe??sµata

3
?e?t???????? ad??aµ?e? d??t???

Web Service
10KB/sec se ??e? a??µ??
?a??st???s? st?? ap????s?
?µesa ??at? ? ?p?ß??µ?s? t?? p???t?ta? st???
???ste?

4
?e?t???????? ad??aµ?e? d??t???
Average in 96.6 Average out 86.9
5
?e?t???????? ad??aµ?e? d??t???

?e????
12000 e?e???? ???ste?
9000 p???e? d??t???
8326 ?ata????µ???? ?p?????st??

6
?e?t???????? ad??aµ?e? d??t???

?e????

7
?e?t???????? ad??aµ?e? d??t???

??e? efa?µ?????
P2P
Napster,
Kazaa kazaalite
Gnutella
Fasttrack
Edonkey
Shareaza
Emule
DC
Torrent
Soulseek
Blubster
Imesh
LimeWire
Morpheus

8
?e?t???????? ad??aµ?e? d??t???

S?µp??asµa
???a?a ?a? saf?? µ? d??a?? ?ata??µ? d??t?a???
p???? µeta?? efa?µ???? ?a? ???st??
?d??aµ?a d?a?e???st???? ep?pte?a? ?a? ep?µßas??

9
Agenda

?e?t???????? ad??aµ?e? d??t???
??t?a
??a???µµata
Unknown traffic
S?µpe??sµata

10
??t?a

???? s?????a??? d??µ?????t??
?a????µ?s? e?e???? efa?µ????
?p?t?p?s? ?p?pte?a
?e?????sµ??

11
Agenda

?e?t???????? ad??aµ?e? d??t???
??t?a
?a????µ?s? e?e???? efa?µ????
?p?t?p?s? ?p?pte?a
?e?????sµ??
??a???µµata
Unknown traffic
S?µpe??sµata

12
?a????µ?s? e?e???? efa?µ????

?at??????p???s? ?a? ?µad?p???s? e?e???? flows
a?????a µe t? e?d?? t?? efa?µ???? ap? t?? ?p??e?
p???????ta?
Cisco NBAR (Network-based Application
Recognition)
Identify applications and protocols from Layer 4
through Layer 7
NBAR can now inspect the full packet payload
???µ???s? µe ?at?????a Packet Description
Language Modules (PDLM)

13
?a????µ?s? e?e???? efa?µ????
14
Agenda

?e?t???????? ad??aµ?e? d??t???
??t?a
?a????µ?s? e?e???? efa?µ????
?p?t?p?s? ?p?pte?a
?e?????sµ??
??a???µµata
Unknown traffic
S?µpe??sµata

15
?p?t?p?s? ?p?pte?a
16
Agenda

?e?t???????? ad??aµ?e? d??t???
??t?a
?a????µ?s? e?e???? efa?µ????
?p?t?p?s? ?p?pte?a
?e?????sµ??
??a???µµata
Unknown traffic
S?µpe??sµata

17
?e?????sµ??
18
Agenda

?e?t???????? ad??aµ?e? d??t???
??t?a
?a????µ?s? e?e???? efa?µ????
?p?t?p?s? ?p?pte?a
?e?????sµ??
??a???µµata
Unknown traffic
S?µpe??sµata

19
??a???µµata
p2p 12.89 Mbps http 7.87 Mbps
20
??a???µµata
p2p 5.08 Mbps http 11.32 Mbps unkn 11.23
Mbps
21
Agenda

?e?t???????? ad??aµ?e? d??t???
??t?a
?a????µ?s? e?e???? efa?µ????
?p?t?p?s? ?p?pte?a
?e?????sµ??
??a???µµata
Unknown traffic
S?µpe??sµata

22
Unknown traffic

Update pdlm signatures

23
Unknown traffic

debug ip nbar unclassified-port-stats

24
Unknown traffic

19069 (Dec) ltgt 4A7D (HEX)

25
Unknown traffic

debug ip nbar filter destination_port 19609
debug ip nbar trace 50
debug ip nbar capture 200 10 10 20

Number of bytes to capture per packet.
Number of starting packets to capture, in other
words, how many packets to capture after the
TCP/IP SYN packet.
Number of final packets to capture, in other
words, how many packets at the end of the flow
for which space should be reserved.
Number of total packets to capture.

26
Unknown traffic