TOC & Recently Viewed

Recently Viewed Topics

Internal NNM Plugin IDs

Each vulnerability and real-time check NNM performs has a unique associated ID. NNM IDs are within the range 0 to 10000.

Internal NNM IDs

Some of NNM’s checks, such as detecting open ports, are built in. The following chart lists some of the more commonly encountered internal checks and describes what they mean:

NNM ID Name Description

0

Detection of Open Port

NNM has observed a SYN-ACK leave from a server.

1

Operating System Fingerprint

NNM has observed enough traffic about a server to guess the operating system.

2

Service Connection

NNM has observed browsing traffic from a host.

3

Internal Client Trusted Connections

NNM has logged a unique network session of source IP, destination IP, and destination port.

4

Internal Interactive Session

NNM has detected one or more interactive network sessions between two hosts within your focus network.

5

Outbound Interactive Sessions

NNM has detected one or more interactive network sessions originating from within your focus network and destined for one or more addresses on the Internet.

6

Inbound Interactive Sessions

NNM has detected one or more interactive network sessions originating from one or more addresses on the Internet to this address within your focus network.

7

Internal Encrypted Session

NNM has detected one or more encrypted network sessions between two hosts within your focus network.

8

Outbound Encrypted Session

NNM has detected one or more encrypted network sessions originating from within your focus network and destined for one or more addresses on the Internet.

9

Inbound Encrypted Session

NNM has detected one or more encrypted network sessions originating from one or more addresses on the Internet to this address within your focus network.

12

Number of Hops

NNM logs the number of hops away each host is located.

14

Accepts External Connections

NNM detects an external connection to this host. Specific IP addresses are not reported by this plugin, but it does track the destination port and protocol used. You can view full connection details in the real-time event log. This is the opposite of plugin 16, which reports on outbound connections.

15

Internal Server Trusted Connections

NNM has logged a unique network session of source IP, destination IP, and destination port. Specific IP addresses are not reported by this plugin, but it does track which destination port and protocol was used. You can view full connection details in the real-time event log. This is the opposite of plugin 14, which reports on inbound connections.

16

Outbound External Connection

NNM has detected an external connection from this host.

17

TCP Session

NNM identifies TCP sessions and reports the start time, number of bytes of data downloaded during, and end time of these sessions. This plugin is reported at the end of each TCP session.

18

IP Protocol Detection

NNM detects all IP protocols.

19

VLAN ID Reporting

NNM reports all observed VLAN tags per host.

20

IPv6 Tunneling

NNM identifies and processes tunneled IPv6 traffic.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.