SESSION DATA
A session is a user's ongoing interaction with the web application, represented by HttpSessionState objects. Sessions tied to a particular user can be kept and managed using session property tools in the web browser or Global.asax. Session data must be kept any time an individual accesses a web application online. When the user launches the application, the .NET runtime assigns the user a unique session ID, which is retained by the user for the rest of the period. Each session ID identifies the user and the custom instance of the HttpSessionState type holding that user's specific data. Syntactically, inserting or retrieving session data is equivalent to manipulating application data.
FORMS OF SESSION DATA
Session data types vary according to the interaction with the applications. Four kinds of interactions occur, and this is what regulates the type of session data. Notify session data implies the state of a participant in relation to entering and leaving a particular state. Notify/respond state includes the action taken by the session data infrastructure. Request session operation indicates a delay in action until an application indicates an action to be taken. Query session data uses a certain target query language to initiate action.
CISCO NETFLOW
This is a development from Cisco that allows bandwidth to be monitored in an extremely granular and accurate way. NetFlow records network traffic into the device cache, which can be displayed by the NetFlow Analyzer. The records include router and switch data consisting mainly of expired traffic statistics. Since network traffic has a flow characteristic, the NetFlow accounting data built in the cache characterizes the IP traffic being forwarded. The flows contain information that details the source and destination IP addresses as well as the protocols and ports used in the end-to-end conversation. NetFlow Analyzer is software that uses NetFlow to monitor bandwidth. Cisco routers and switches export NetFlow as UDP packets. Generally, NetFlow is used by IT administrators to monitor the source and destination of traffic as well as how it is generated.
BIG FLOW
Big flow refers to the huge and complex flow of data experienced in large enterprises. Standard NetFlow tools are not sufficient to monitor big flow data, which therefore calls for more capable tools. This data could be in excess of 40Gbps and cannot technically be monitored by average NetFlow tools.
FPROBE
This is a tool that collects network traffic data and emits it as NetFlow flows toward a certain collector. Fprobe and fprobe-ulog are libpcap-based and libipulog-based tools, respectively.
FLOW TOOLS
These are tools for collecting and processing NetFlow data from Cisco and Juniper routers. The tools are deployed together on a single server or distributed across multiple servers in large deployments. Flow data is collected by default in host byte order, but the files are portable across big-endian and little-endian architectures.
EFLOW AND EFLOW TOOLKIT
eFlow refers to a technological measure of traffic in and out of a certain network, augmented with current flow rates to meet a set flow rate. eFlow allows numerous flow components in a network to be considered and allows different augmentation strategies to be used to extend, mimic or reduce the natural frequency of specific flows.
The eFlow toolkit is a tool used to measure and augment flow rates to meet a desired standard. The tool is used with NetFlow to adjust the level of traffic in a network.
ARGUS
It is a network monitoring and evaluation tool designed to monitor the status of network services, hardware and servers. The tool automatically sends alerts when it detects problems and is built to support most network devices. It supports both IPv4 and IPv6 security solutions and is configured through simple text files to accommodate both distributed and redundant configurations.
TEPTRACE
TEPTRACE is the network trace command integrated into Cisco IOS releases to provide backup interfaces for network traffic statistics.
CISCORO ACCOUNTING
This is the implementation of MAC and IP address accounting on Cisco routers using the SNMP protocol or any other mechanism. MAC address accounting gives accounting information for IP traffic according to the source and destination MAC addresses available on LAN interfaces. IP address accounting specifies the number of bytes and packets passing through a certain Cisco router, by source and destination IP address. Only the transit IP address is accounted for, and only on an outbound basis.
IPCAD
It is an IP traffic accounting daemon, a process that runs to capture traffic on the specified interfaces, such as PCAP, ULOG, BPF, divert, and tee, and record it for later retrieval. The traffic is exported via NetFlow.
BMON
BMON is a bandwidth monitor that can retrieve statistics from diverse input modules. BMON provides different output methods and is primarily intended for debugging and monitoring in real-time.
TRASHOW
A command on the dialer interface that is configured to bind and show report statistics on the physical layer attached to the dialer interface.
IFSTAL
This is a conditional command that specifies the congestive discard threshold such that a certain number of messages on the queue with high-bandwidth conversations are dropped.
TCPDSTAST
It is a command that displays the tcpd statistics for the network. Connections monitored by tcpd have their time stamps, client host name and requested service recorded and reported via syslog.
MRTG
Multi Router Traffic Grapher is an advanced tool for monitoring and measuring the traffic load on network links over long periods of time. It is superior to BMON and provides a graphical representation of traffic load over a longer period.
NTOP
Ntop is a network probe that reports network usage in a manner similar to what top reports for processes. It displays the network status on the user's side in interactive mode and as an HTML dump in web mode. Ntop is supported by a NetFlow emitter or collector.