TOC & Recently Viewed

Recently Viewed Topics

Internal PVS Plugin IDs

Each vulnerability and real-time check PVS performs has a unique associated ID. PVS IDs are within the range 0 to 10000.

Internal PVS IDs

Some of PVS’s checks, such as detecting open ports, are built in. The following chart lists some of the more commonly encountered internal checks and describes what they mean:

PVS ID Name Description

0

Detection of Open Port

PVS has observed a SYN-ACK leave from a server.

1

Operating System Fingerprint

PVS has observed enough traffic about a server to guess the operating system.

2

Service Connection

PVS has observed browsing traffic from a host.

3

Internal Client Trusted Connections

PVS has logged a unique network session of source IP, destination IP, and destination port.

4

Internal Interactive Session

PVS has detected one or more interactive network sessions between two hosts within your focus network.

5

Outbound Interactive Sessions

PVS has detected one or more interactive network sessions originating from within your focus network and destined for one or more addresses on the Internet.

6

Inbound Interactive Sessions

PVS has detected one or more interactive network sessions originating from one or more addresses on the Internet to this address within your focus network.

7

Internal Encrypted Session

PVS has detected one or more encrypted network sessions between two hosts within your focus network.

8

Outbound Encrypted Session

PVS has detected one or more encrypted network sessions originating from within your focus network and destined for one or more addresses on the Internet.

9

Inbound Encrypted Session

PVS has detected one or more encrypted network sessions originating from one or more addresses on the Internet to this address within your focus network.

12

Number of Hops

PVS logs the number of hops away each host is located.

14

Accepts External Connections

PVS detects an external connection to this host. Specific IP addresses are not reported by this plugin, but it does track the destination port and protocol used. You can view full connection details in the real-time event log. This is the opposite of plugin 16, which reports on outbound connections.

15

Internal Server Trusted Connections

PVS has logged a unique network session of source IP, destination IP, and destination port. Specific IP addresses are not reported by this plugin, but it does track which destination port and protocol was used. You can view full connection details in the real-time event log. This is the opposite of plugin 14, which reports on inbound connections.

16

Outbound External Connection

PVS has detected an external connection from this host.

17

TCP Session

PVS identifies TCP sessions and reports the start time, number of bytes of data downloaded during, and end time of these sessions. This plugin is reported at the end of each TCP session.

18

IP Protocol Detection

PVS detects all IP protocols.

19

VLAN ID Reporting

PVS reports all observed VLAN tags per host.

20

IPv6 Tunneling

PVS identifies and processes tunneled IPv6 traffic.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.