Detecting Encrypted and Interactive Sessions
NNM can be configured to detect both encrypted and interactive sessions. An encrypted session is a TCP or UDP session that contains sufficiently random payloads. An interactive session uses timing and statistical profiling of the packets in a session to determine if the session involves human input at a command line prompt.
In both cases, NNM identifies these sessions for the given port and IP protocol. It then lists the detected interactive or encrypted session as vulnerabilities.
NNM has a variety of plugins to recognize telnet, Secure Shell (SSH), Secure Socket Layer (SSL), and other protocols. Combined with the detection of the interactive and encryption algorithms, NNM may log multiple forms of identification for the detected sessions.
For example, NNM may recognize not only an SSH service running on a high port as an encrypted session, but also recognize the version of SSH and determine any vulnerabilities associated with it.