Chapter 13 Understanding Application Protocol Inspection
Application protocol inspection provides three primary functions:
• It validates control traffic flows and/or verifies for RFC compliance.
• It monitors sessions for embedded IP addressing in the data portion of the packet.
• It examines session information for secondary channels.
Validation of control traffic flows may occur with protocols, such as Extended Simple Mail Transfer Protocol (ESMTP), where you want to allow only specific commands, such as DATA, HELO, QUIT, and so on. An example of RFC compliance verification is when the inspection engine is monitoring port 80 for HTTP traffic and another protocol (that is, Telnet) is attempting to use port 80 as well. Because the Telnet traffic ...