Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

TCP Metrics Report

by Steve Tilson
July 11, 2017

TCP_METRICS_Report

Monitoring of TCP network connection statistics assist in evaluating applications use of ports relevant to network security. TCP is used broadly by many applications available by internet, including most notably the World Wide Web, E-mail, File Transfer Protocol, Secure Shell, peer-to-peer file sharing, and streaming media applications. This report provides analysts with detailed statistics for TCP port usage.

TCP manages the fragmentation of messages or files into smaller packets that can be transmitted across the internet and reassembled at their destination. TCP relies on Internet Protocol (IP) for transmission and is often referred to as TCP/IP. TCP provides a communication service at an intermediate level between an application program and the Internet Protocol. TCP is a connection-oriented protocol, which means a connection is established and maintained until the applications at each end have finished exchanging messages. However, TCP protocols lack basic mechanisms for security, such as authentication or encryption.

This report provides analysts with detailed statistics for TCP port usage. A chapter is dedicated to port usage statistics by utilizing different analytical tools and filtering methods from Tenable. Analysts are provided a broad view of TCP activity by utilizing each product that results in a clear picture of all TCP activity monitoring efficiency and security.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards and assets. The report can be easily located in the SecurityCenter Feed under the category Monitoring.

The report requirements are:

  • SecurityCenter 5.5
  • Nessus 6.10.8
  • Nessus Network Monitor 5.3.0
  • LCE 5.0.1
  • TenableNetFlowMonitor 
  • TenableNetworkMonitor

Note:  For efficiency, the report results have been limited to first ten results. The number of results or the iterator filter can be modified based on your organizational requirements. 

Tenable SecurityCenter Continuous View® (SecurityCenter CV™) provides continuous network monitoring, vulnerability identification and security monitoring. SecurityCenter CV is continuously updated with information about advanced threats, zero-day vulnerabilities and new types of regulatory compliance configuration audit files. Tenable constantly analyzes information from our unique sensors, delivering continuous visibility and critical context, and enabling decisive action that transforms a security program from reactive to proactive. Active scanning periodically examines the applications on the systems, the running processes and services, web applications, and configuration settings. With these tools, analysts can better analyze TCP metrics with hosts communication in the environment. Tenable enables powerful, yet non-disruptive, continuous monitoring that will provide organizations with the information needed to reduce risk within the enterprise.

This report contains the following chapters:

Open Port Summary:  The Open Port Summary chapter presents the output from the “netstat” command using the Netstat Portscanner SSH plugin ID 14272.  Additionally, for Windows computers, the process information is also included by using the Netstat Portscanner plugin ID 34220. The data in this chapter provides statistical data for systems and the TCP ports on which they are listening.

TCP Trusted Client Connections:  This chapter uses the Nessus Network Monitor plugin 3, 'Internal client trusted connection' to report connections from clients to servers on various ports. Information displayed provides analysts with detailed statistics of ports and the trusted host connection established.

TCP Trusted Server Connection:  This chapter uses the Nessus Network Monitor plugin 15, 'Internal server trusted connection' to report connections from servers to clients on various ports. This information assists analysts with port statistics that are common across the network.

Outbound External Connections:  This chapter uses the Nessus Network Monitor plugin 16, 'Outbound external connection' to report connections from clients to external servers on various ports. This information assists analysts with port statistics that are common across the network.

Tenable Network Monitor (TNM):  The data in this chapter displays the statistical port usage data collected using the TNM.  The TNM is designed to monitor network traffic and send session information to the LCE server. 

Tenable NetFlow Monitor (TFM):  The Tenable NetFlow Monitor chapter displays the statistical port usage data collected using the TFM.  The TFM client takes advantage of the ability in most modern routers to use the NetFlow protocol to send network session statistics to remote collectors for processing and reporting. 

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training