|
Network Monitoring Interface Card
A network monitoring interface card or NMIC is similar to a network card (NIC). However, unlike a standard network card, an NMIC is designed to passively (and silently) listen on a network. At a functional level, an NMIC may differ from a NIC, in that the NMIC may not have a MAC address, may lack the ability to transmit and may not announce its presence on a network. Advanced NMICs have features that include an ability to offload CPU intensive processing from a system's CPU, accurate time measurement, traffic filtering, and an ability to perform other application specific processing. Organizations often use a dedicated interface for all management traffic and thus create a ''management network''. This is done to minimize the impact on production traffic, ensure the integrity of management traffic and it helps by measuring true production traffic not the traffic generated to the act of measuring traffic. This is a separate function from NMICs that are used for data collection and proc ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
 |
Network Card
A network interface controller (NIC, also known as a network interface card, network adapter, LAN adapter or physical network interface, and by similar terms) is a computer hardware component that connects a computer to a computer network. Early network interface controllers were commonly implemented on expansion cards that plugged into a computer bus. The low cost and ubiquity of the Ethernet standard means that most newer computers have a network interface built into the motherboard, or is contained into a USB-connected dongle. Modern network interface controllers offer advanced features such as interrupt and DMA interfaces to the host processors, support for multiple receive and transmit queues, partitioning into multiple logical interfaces, and on-controller network traffic processing such as the TCP offload engine. Purpose The network controller implements the electronic circuitry required to communicate using a specific physical layer and data link layer standard ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
Ingress Filtering
In computer networking, ingress filtering is a technique used to ensure that incoming packets are actually from the networks from which they claim to originate. This can be used as a countermeasure against various spoofing attacks where the attacker's packets contain fake IP addresses. Spoofing is often used in denial-of-service attacks, and mitigating these is a primary application of ingress filtering. Problem Networks receive packets from other networks. Normally a packet will contain the IP address of the computer that originally sent it. This allows devices in the receiving network to know where it came from, allowing a reply to be routed back (amongst other things), except when IP addresses are used through a proxy or a spoofed IP address, which does not pinpoint a specific user within that pool of users. A sender IP address can be faked ( spoofed), characterising a spoofing attack. This disguises the origin of packets sent, for example in a denial-of-service attack. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
|
TCP Segmentation Offloading
TCP offload engine (TOE) is a technology used in some network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. It is primarily used with high-speed network interfaces, such as gigabit Ethernet and 10 Gigabit Ethernet, where processing overhead of the network stack becomes significant. TOEs are often used as a way to reduce the overhead associated with Internet Protocol (IP) storage protocols such as iSCSI and Network File System (NFS). Purpose Originally TCP was designed for unreliable low speed networks (such as early dial-up modems) but with the growth of the Internet in terms of backbone transmission speeds (using Optical Carrier, Gigabit Ethernet and 10 Gigabit Ethernet links) and faster and more reliable access mechanisms (such as DSL and cable modems) it is frequently used in data centers and desktop PC environments at speeds of over 1 Gigabit per second. At these speeds the TCP software implementations on host systems r ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
|
TCP Offload Engine
TCP offload engine (TOE) is a technology used in some network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. It is primarily used with high-speed network interfaces, such as gigabit Ethernet and 10 Gigabit Ethernet, where processing overhead of the network stack becomes significant. TOEs are often used as a way to reduce the overhead associated with Internet Protocol (IP) storage protocols such as iSCSI and Network File System (NFS). Purpose Originally TCP was designed for unreliable low speed networks (such as early dial-up modems) but with the growth of the Internet in terms of backbone transmission speeds (using Optical Carrier, Gigabit Ethernet and 10 Gigabit Ethernet links) and faster and more reliable access mechanisms (such as DSL and cable modems) it is frequently used in data centers and desktop PC environments at speeds of over 1 Gigabit per second. At these speeds the TCP software implementations on host systems re ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
|
SS7 Probe
An SS7 probe is a physical device to obtain signalling and/or bearer information from a telecommunications network, such as the PSTN or a corporate telephone system. The probe passively monitors the E1/ T1 or SDH/SONET bearer channels, and extracts the signalling information for onward presentation to an application. A passive probe does not affect the network under observation—this is achieved through use of protected monitor points on the network distribution frames. Applications The network application may be lawful interception or a revenue-generating application such as missed call. Probes are also extensively used in operational support systems (OSS). Applications served by probes include solutions for inter-carrier billing, revenue loss (by-pass/phantom traffic and analysis services), fraud prevention, billing, local number portability, quality of service, surveillance (global call trace), maintenance (protocol analysis), traffic engineering (link and trunk forecast ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
 |
Network Tap
A network tap is a system that monitors events on a local network. A tap is typically a dedicated hardware device, which provides a way to access the data flowing across a computer network. The network tap has (at least) three ports: an ''A port'', a ''B port'', and a ''monitor'' port. A tap inserted between A and B passes all traffic (send and receive data streams) through unimpeded in real time, but also copies that same data to its monitor port, enabling a third party to listen. Network taps are commonly used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment. Taps are used in security applications because they are non-obtrusive, are not detectable on the network (having no physical or logical address), can deal with full-duplex and non-shared networks, and will usually ''pass through'' or ''bypass'' traffic even if the tap s ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
Network Monitoring
Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages or other trouble. Network monitoring is part of network management. Details While an intrusion detection system monitors a network threats from the outside, a network monitoring system monitors the network for problems caused by overloaded or crashed servers, network connections or other devices. For example, to determine the status of a web server, monitoring software may periodically send an HTTP request to fetch a page. For email servers, a test message might be sent through SMTP and retrieved by IMAP or POP3. Commonly measured metrics are response time, availability and uptime, although both consistency and reliability metrics are starting to gain popularity. The widespread addition of WAN optimization devices is having an adverse effect on most network monitoring to ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
|
Lawful Interception
Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries require licensed telecommunications operators to provide their networks with Legal Interception gateways and nodes for the interception of communications. The interfaces of these gateways have been standardized by telecommunication standardization organizations. As with many law enforcement tools, LI systems may be subverted for illicit purposes. With the legacy public switched telephone network (PSTN), wireless, and cable systems, lawful interception (LI) was generally performed by accessing the mechanical or digital switches supporting the targets' calls. The introduction of packet switched networks, softswitch technology, and server-based applications during the past two decades fundamentally altered how LI is undertaken. Lawful interceptio ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
|
Intrusion-detection System
An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms. IDS types range in scope from single computers to large networks. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of an HIDS, while a system that analyzes incoming network traffic is an example of an NIDS. It is also possible to classify IDS by detection approach. The most well-known variants are signature-based detection (recogniz ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
|
Flow Analysis
Flow may refer to: Science and technology * Fluid flow, the motion of a gas or liquid * Flow (geomorphology), a type of mass wasting or slope movement in geomorphology * Flow (mathematics), a group action of the real numbers on a set * Flow (psychology), a mental state of being fully immersed and focused * Flow, a spacecraft of NASA's GRAIL program Computing * Flow network, graph-theoretic version of a mathematical flow * Flow analysis * Calligra Flow, free diagramming software * Dataflow, a broad concept in computer systems with many different meanings * Microsoft Flow (renamed to Power Automate in 2019), a workflow toolkit in Microsoft Dynamics * Neos Flow, a free and open source web application framework written in PHP * webMethods Flow, a graphical programming language * FLOW (programming language), an educational programming language from the 1970s * Flow (web browser), a web browser with a proprietary rendering engine Arts, entertainment and media * ''Flow'' (journal ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
 |
MAC Address
A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth. Within the Open Systems Interconnection (OSI) network model, MAC addresses are used in the medium access control protocol sublayer of the data link layer. As typically represented, MAC addresses are recognizable as six groups of two hexadecimal digits, separated by hyphens, colons, or without a separator. MAC addresses are primarily assigned by device manufacturers, and are therefore often referred to as the burned-in address, or as an Ethernet hardware address, hardware address, or physical address. Each address can be stored in hardware, such as the card's read-only memory, or by a firmware mechanism. Many network interfaces, however, support changing their MAC address. The address ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
|
Egress Filtering
In computer networking, egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another. Typically, it is information from a private TCP/IP computer network to the Internet that is controlled. TCP/IP packets that are being sent out of the internal network are examined via a router, firewall, or similar edge device. Packets that do not meet security policies are not allowed to leave – they are denied "egress". Egress filtering helps ensure that unauthorized or malicious traffic never leaves the internal network. In a corporate network, typical recommendations are that all traffic except that emerging from a select set of servers would be denied egress. Restrictions can further be made such that only select protocols such as HTTP, email, and DNS are allowed. User workstations would then need to be configured either manually or via proxy auto-config to use one of the allowed servers as a proxy. Corporate ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |