Cisco Link: NBAR!!!
So NBAR basically gives your network the equivalent of an application-layer packet sniffer. It was originally conceived to help provide quality of service more granularly to the applications that traverse the network. You can call out things such as http, gnutella, bittorrent, etc., and your router or device can recognize the data and place it, or classify it, however you see fit. Here is a good example of an NBAR config:
lunde-edge(config)#class-map match-all MATCH_HTTP
lunde-edge(config-cmap)#match protocol http ? \\this is NBAR
c-header-field Client general Header Field
host Server Host Name
mime Match MIME Type
s-header-field Server general Header Field
url Match URL String \\you can match a url!
lunde-edge(config-cmap)#match protocol http
lunde-edge(config)#policy-map MATCH_HTTP \\create your policy-map
lunde-edge(config-pmap)#class MATCH_HTTP \\bind your class to policy
lunde-edge(config-pmap-c)#drop \\your **action**
lunde-edge(config-if)#service-policy [input|output] MATCH_HTTP \\apply your policy
lunde-edge#show class-map \\display your class-map
Class Map match-all MATCH_HTTP (id 2)
Match protocol http
Class Map match-any class-default (id 0)
lunde-edge#show policy-map \\display your policy map
Policy Map MATCH_HTTP
Different IOS images have different applications installed on them, but Cisco releases PDLMs (Packet Description Language Modules) that you can install on your system to add more applications or to update application signatures. This is a pretty cool feature that, as you can see, can also double as a security measure, stopping unwanted traffic at the application level. I did not show any here (I simply dropped http packets), but you can apply different IP precedence and DSCP markings to traffic that matches an NBAR match statement.
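The marking case mentioned above, next to the drop action, as an added example that is not part of the original post. The class-map and policy-map names, the host pattern and the interface name are assumptions chosen for illustration.

```cisco
! Added example, not from the original post. All names, the host
! pattern and the interface are illustrative assumptions.
!
! NBAR requires CEF to be enabled on the router.
ip cef
!
! Peer-to-peer protocols named in the post. match-any means a packet
! belongs to the class if it matches either protocol.
class-map match-any P2P_APPS
 match protocol gnutella
 match protocol bittorrent
!
! HTTP narrowed by the Host header, using the "host" sub-option that
! the "match protocol http ?" help output lists.
class-map match-all HTTP_INTRANET
 match protocol http host "*intranet.example.com*"
!
! Any other HTTP traffic.
class-map match-all HTTP_OTHER
 match protocol http
!
! Classes are evaluated top to bottom and the first match wins, so the
! specific HTTP class has to come before the general one.
policy-map EDGE_INGRESS
 class P2P_APPS
  drop
 class HTTP_INTRANET
  set dscp af21
 class HTTP_OTHER
  set ip precedence 1
 class class-default
  set dscp default
!
interface GigabitEthernet0/0
 service-policy input EDGE_INGRESS
!
! Verification from exec mode: the per-class packet counters show how
! much traffic NBAR classified into each class and which action ran.
!   show policy-map interface GigabitEthernet0/0 input
```

Checking the counters from `show policy-map interface` before switching a class from marking to `drop` shows how much traffic the match statement actually catches.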