Note: Passive Vulnerability Scanner® was renamed to Nessus Network Monitor in June 2017. Older materials and documentation still refer to Passive Vulnerability Scanner.
Nessus Network Monitor continuously monitors the network, detecting usage of cloud services, identifying new assets as they become active on the network and profiling an asset’s operating system, active applications, services, network connections and associated vulnerabilities. The new capabilities in Nessus Network Monitor 5 give you a complete view of assets and activities across your computing environments, helping you identify and prioritize weaknesses that need attention.
Identifying Selected TLS-Encrypted Application Traffic
Internet application traffic is often encrypted with Transport Layer Security (TLS). Unless organizations deploy relatively expensive network devices designed to decrypt TLS, they will be blind to the applications associated with the traffic. Nessus Network Monitor v5 increases application visibility by using TLS fingerprinting to discover applications whose traffic is encrypted.
Improved User Interface
Nessus Network Monitor v5 includes an enhanced user interface with a summary dashboard that provides multiple high-level views of the hosts, vulnerabilities, applications, operating systems, connections and mobile devices discovered by Nessus Network Monitor. Additional improvements include:
- A chord diagram that visualizes the client connections to servers on well-known ports
- A network bandwidth chart that trends the amount of data sent from client hosts to server hosts and vice versa
- Improved navigation between client and server hosts, and new pivoting capabilities on any host
- A Sankey diagram that provides a view of connections between client and server hosts, either by host or by network service
Improved VLAN Monitoring
Enterprise networks are increasingly being segmented into Virtual Local Area Networks (VLANs) to increase performance and security. Nessus Network Monitor 5.0 includes a new plugin (ID 19) that summarizes all observed VLAN tags for a given host. This helps determine whether a host has switched VLANs or is present on an incorrect or unexpected VLAN.
Detection and Analysis of Tunneled IPv6 Traffic
In addition to reporting the presence of tunneled IPv6 traffic, Nessus Network Monitor now processes the IPv6 traffic within the tunnel. Teredo, 6to4 and 6in4 tunnel detections are now summarized in a single plugin (ID 20), and other detections will be associated with the IP addresses found within the tunneled traffic.
Increased Analysis of IPv6 Traffic
Nessus Network Monitor now detects the presence of IPv6 headers and performs a complete analysis of IPv6 packets that contain extension headers.
Extended Packet Filtering
Nessus Network Monitor provides more targeted packet filtering by extending its BPF filter support.