Hello Yogesh,

Well, FPM is by far the most detailed method to match payload in the traffic, but I think NBAR could also be used to perform some crude payload matching. For example, suppose we want to match traffic destined to port UDP 6060 which has the hex string "98AB" at an offset of 6 bytes from the start of the packet, we could define a custom protocol and configure it to match the string, like this:

# ip nbar custom <NAME OF THE CUSTOM PROTOCOL> 6 hex 98AB destination udp 6060

This definitely is not as powerful as FPM in the sense that, for defining a custom NBAR protocol, we need to know the TCP or UDP ports that the traffic is destined for. It's not as flexible as FPM.

My question was, since the question mentioned NBAR, are we allowed to use FPM as our matching technique? If yes, great :)

Cheers,
TacACK
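
Added example, not part of the original post: the custom NBAR protocol from the message above referenced from an MQC class-map and policy-map, so that the match actually acts on traffic. The names PAYLOAD6060, CM-PAYLOAD6060 and PM-FILTER-IN, the interface, and the choice of a drop action are all assumptions made for illustration.

```cisco
! Custom NBAR protocol as given in the post; PAYLOAD6060 is a hypothetical name.
! Matches hex 98AB at offset 6 in traffic destined to UDP port 6060.
ip nbar custom PAYLOAD6060 6 hex 98AB destination udp 6060
!
! Classify on the custom protocol (class-map name is hypothetical).
class-map match-all CM-PAYLOAD6060
 match protocol PAYLOAD6060
!
! Act on the class; drop is an assumed action, the post does not state one.
policy-map PM-FILTER-IN
 class CM-PAYLOAD6060
  drop
!
! Apply inbound on the interface facing the traffic source (assumed interface).
interface GigabitEthernet0/0
 service-policy input PM-FILTER-IN
!
! Check the per-class match and drop counters from exec mode:
!   show policy-map interface GigabitEthernet0/0
```

The destination port is fixed in the custom protocol definition, so the same payload sent to any other port is not classified, which is the limitation relative to FPM that the post points out.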
