Internal Tenable Nessus Network Monitor Plugin IDs
Each vulnerability and real-time check Tenable Nessus Network Monitor performs has a unique associated ID. Tenable Nessus Network Monitor IDs are within the range 0 to 10000.
Internal Tenable Nessus Network Monitor IDs
Some of Tenable Nessus Network Monitor’s checks, such as detecting open ports, are built in. The following chart lists some of the more commonly encountered internal checks and describes what they mean:
NNM ID |
Name |
Description |
---|---|---|
0 |
Detection of Open Port |
Tenable Nessus Network Monitor has observed a SYN-ACK leave from a server. |
1 |
Operating System Fingerprint |
Tenable Nessus Network Monitor has observed enough traffic about a server to guess the operating system. |
2 |
Service Connection |
Tenable Nessus Network Monitor has observed browsing traffic from a host. |
3 |
Internal Client Trusted Connections |
Tenable Nessus Network Monitor has logged a unique network session of source IP, destination IP, and destination port. |
4 |
Internal Interactive Session |
Tenable Nessus Network Monitor has detected one or more interactive network sessions between two hosts within your focus network. |
5 |
Outbound Interactive Sessions |
Tenable Nessus Network Monitor has detected one or more interactive network sessions originating from within your focus network and destined for one or more addresses on the Internet. |
6 |
Inbound Interactive Sessions |
Tenable Nessus Network Monitor has detected one or more interactive network sessions originating from one or more addresses on the Internet to this address within your focus network. |
7 |
Internal Encrypted Session |
Tenable Nessus Network Monitor has detected one or more encrypted network sessions between two hosts within your focus network. |
8 |
Outbound Encrypted Session |
Tenable Nessus Network Monitor has detected one or more encrypted network sessions originating from within your focus network and destined for one or more addresses on the Internet. |
9 |
Inbound Encrypted Session |
Tenable Nessus Network Monitor has detected one or more encrypted network sessions originating from one or more addresses on the Internet to this address within your focus network. |
12 |
Number of Hops |
Tenable Nessus Network Monitor logs the number of hops away each host is located. |
14 |
Accepts External Connections |
Tenable Nessus Network Monitor detects an external connection to this host. Specific IP addresses are not reported by this plugin, but it does track the destination port and protocol used. You can view full connection details in the real-time event log. This is the opposite of plugin 16, which reports on outbound connections. |
15 |
Internal Server Trusted Connections |
Tenable Nessus Network Monitor has logged a unique network session of source IP, destination IP, and destination port. Specific IP addresses are not reported by this plugin, but it does track which destination port and protocol was used. You can view full connection details in the real-time event log. This is the opposite of plugin 14, which reports on inbound connections. |
16 |
Outbound External Connection |
Tenable Nessus Network Monitor has detected an external connection from this host. |
17 |
TCP Session |
Tenable Nessus Network Monitor identifies TCP sessions and reports the start time, number of bytes of data downloaded during, and end time of these sessions. This plugin is reported at the end of each TCP session. |
18 |
IP Protocol Detection |
Tenable Nessus Network Monitor detects all IP protocols. |
19 |
VLAN ID Reporting |
Tenable Nessus Network Monitor reports all observed VLAN tags per host. |
20 |
IPv6 Tunneling |
Tenable Nessus Network Monitor identifies and processes tunneled IPv6 traffic. |