Date Added: Apr 2010
The common process of classifying network traffic resorting to a set of IP header fields and well-known communication ports is highly fallible as some applications try to hide their true nature by, for instance, using dynamic, non default ports. In this paper, the authors argue and demonstrate that application layer inspection is a possible and convenient approach to derive the correct application protocol. This detection and classification process is crucial to allow an efficient control of traffic entering the network. Taking pfSense as a case study, they extend its current layer 3 and 4 classification scheme with Layer 7 (L7) capabilities, providing a powerful solution to control traffic based on application patterns.