Deep Network Analyzer (DNA)

Session Definition and Output

Data Dictionary
TCP/UDP Session - Summary of TCP/UDP Client/Server communication connection
startTime
java.sql.Timestamp - Time the first packet was seen for this session
sensorName
String - The configured name of the DNASensor that captured this session
interface_f1
String - The name of the network interface on which the client->server flow was captured
interface_f2
String - The name of the network interface on which the server->client flow was captured
session
String - The unique key that describes the session
duration
Long - The time in milliseconds from the first packet to the last packet
protocol
String - The name of the Layer 4 protocol |TCP|UDP|ICMP|
client_addr
String - The IP Address of the client which initiated the session
client_port
Integer - The port of the client that the session was sent on
server_addr
String - The IP Address of the server which received the connection
server_port
Integer - The port of the server which received the connection
status
String - The closed status of the session determined by the sensor at the point the session was flushed for output |open|closed|
service_name
String - The Layer 7 protocol name. See /etc/services
packets_sent
Long - The number of packets sent from the client to the server
packets_recv
Long - The number of packets sent from the server to the client
data_sent
Long - The number of bytes sent from the client to the server
data_recv
Long - The number of bytes sent from the server to the client
retry_packets_sent
Long - The number of retry packets sent from the client to the server
retry_packets_recv
Long - The number of retry packets sent from the server to the client

Session Output

startTime sensorName interfaceF1 interfaceF2 sessionKey duration protocolName clientAddr clientPort serverAddr serverPort status serviceName packetsSent packetsRecv dataSent dataRecv retryPktSent retryPktRecv
2005-12-28 21:48:03 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef186 496 tcp 69.105.125.186 61208 209.132.177.100 443 closed https 14 12 1767 3040 0 0
2005-12-28 21:48:00 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef176 3394 tcp 69.105.125.186 61207 209.132.177.100 443 closed https 14 13 1527 3096 0 0
2005-12-28 21:48:06 home.lan eth1 eth1 ffffffffcd9e3e6b6e45697dbaef196 446 tcp 69.105.125.186 61209 205.158.62.107 110 closed pop3 9 9 418 495 0 0
2005-12-28 21:49:07 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef1b6 623 tcp 69.105.125.186 61211 209.132.177.100 443 closed https 14 13 1767 3080 0 0
2005-12-28 21:49:03 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef1a6 3397 tcp 69.105.125.186 61210 209.132.177.100 443 closed https 14 13 1527 3096 0 0
2005-12-28 21:49:13 home.lan eth1 eth1 267655155045697dbaef1c6 282 tcp 69.105.125.186 61212 38.118.85.21 80 closed http 5 4 465 375 0 0
2005-12-28 21:50:08 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef1e6 490 tcp 69.105.125.186 61214 209.132.177.100 443 closed https 14 12 1767 3040 0 0
2005-12-28 21:50:07 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef1d6 483 tcp 69.105.125.186 61213 209.132.177.100 443 closed https 14 12 1527 3056 0 0
2005-12-28 21:51:08 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef1f6 486 tcp 69.105.125.186 61215 209.132.177.100 443 closed https 14 12 1527 3056 0 0
2005-12-28 21:51:08 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef206 9391 tcp 69.105.125.186 61216 209.132.177.100 443 closed https 14 13 1767 3080 0 0
2005-12-28 21:52:18 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef256 496 tcp 69.105.125.186 61221 209.132.177.100 443 closed https 14 12 1767 3040 0 0
2005-12-28 21:52:18 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef246 486 tcp 69.105.125.186 61220 209.132.177.100 443 closed https 14 12 1527 3056 0 0
2005-12-28 21:52:51 home.lan eth1 eth1 4529aadf203545697dbaef286 165 tcp 69.105.125.186 61224 69.41.170.223 8245 closed Dynsite 6 5 370 519 0 0
2005-12-28 21:53:07 home.lan eth1 eth1 ffffffffcd9e3e6b6e45697dbaef296 538 tcp 69.105.125.186 61225 205.158.62.107 110 closed pop3 9 11 418 575 0 0
2005-12-28 21:53:21 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef2a6 17367 tcp 69.105.125.186 61226 209.132.177.100 443 closed https 9 8 1290 2187 0 0
2005-12-28 21:54:14 home.lan eth1 eth1 267655155045697dbaef2b6 283 tcp 69.105.125.186 61227 38.118.85.21 80 closed http 5 4 465 375 0 0
2005-12-28 21:54:22 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef2d6 496 tcp 69.105.125.186 61229 209.132.177.100 443 closed https 14 12 1767 3040 0 0
2005-12-28 21:54:21 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef2c6 485 tcp 69.105.125.186 61228 209.132.177.100 443 closed https 14 12 1527 3056 0 0
2005-12-28 21:49:03 home.lan eth1 (null) ffffffffddd0d0029d3d45697dba4026 0 udp 221.208.208.2 40253 69.105.125.186 1026 open unknown 1 0 485 0 0 0
2005-12-28 21:49:04 home.lan eth1 (null) ffffffffddd0d0029d3e45697dba4026 0 udp 221.208.208.2 40254 69.105.125.186 1026 open unknown 1 0 485 0 0 0
2005-12-28 21:49:04 home.lan eth1 (null) ffffffffddd0d004937845697dba4026 0 udp 221.208.208.4 37752 69.105.125.186 1026 open unknown 1 0 485 0 0 0
2005-12-28 21:55:22 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef2f6 493 tcp 69.105.125.186 61231 209.132.177.100 443 closed https 14 12 1767 3040 0 0
2005-12-28 21:55:22 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef2e6 526 tcp 69.105.125.186 61230 209.132.177.100 443 closed https 14 12 1527 3056 0 0
2005-12-28 21:53:21 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef2a6 122019 tcp 69.105.125.186 61226 209.132.177.100 443 closed https 11 9 1370 2227 0 0
2005-12-28 21:51:17 home.lan eth1 eth1 42bbe0047b45697dbaef216 79 udp 69.105.125.186 61217 66.187.224.4 123 open ntp 1 1 76 76 0 0
2005-12-28 21:56:23 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef306 16795 tcp 69.105.125.186 61232 209.132.177.100 443 closed https 9 8 1290 2187 0 0
2005-12-28 21:57:23 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef316 9392 tcp 69.105.125.186 61233 209.132.177.100 443 closed https 14 13 1527 3096 0 0
2005-12-28 21:52:07 home.lan eth1 eth1 ffffffff94a784c87b45697dbaef226 33 udp 69.105.125.186 61218 148.167.132.200 123 open ntp 1 1 76 76 0 0
2005-12-28 21:52:12 home.lan eth1 eth1 ffffffffc053f91f7b45697dbaef236 10 udp 69.105.125.186 61219 192.83.249.31 123 open ntp 1 1 76 76 0 0
2005-12-28 21:57:32 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef326 17351 tcp 69.105.125.186 61234 209.132.177.100 443 closed https 9 8 1530 2187 0 0
2005-12-28 21:58:08 home.lan eth1 eth1 ffffffffcd9e3e6b6e45697dbaef336 444 tcp 69.105.125.186 61235 205.158.62.107 110 closed pop3 9 9 418 495 0 0
2005-12-28 21:52:47 home.lan eth1 eth1 ffffffff8004280c7b45697dbaef266 86 udp 69.105.125.186 61222 128.4.40.12 123 open ntp 1 1 76 76 0 0
2005-12-28 21:58:33 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef356 505 tcp 69.105.125.186 61237 209.132.177.100 443 closed https 14 12 1767 3040 0 0
2005-12-28 21:58:33 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef346 486 tcp 69.105.125.186 61236 209.132.177.100 443 closed https 14 12 1527 3056 0 0
2005-12-28 21:59:14 home.lan eth1 eth1 267655155045697dbaef366 286 tcp 69.105.125.186 61238 38.118.85.21 80 closed http 5 4 465 355 0 0
2005-12-28 21:52:50 home.lan eth1 eth1 ffffffffce0d1c0c3545697dbaef276 83284 udp 69.105.125.186 61223 206.13.28.12 53 open domain 2 2 123 399 0 0
2005-12-28 21:54:55 home.lan eth1 (null) ffffffffddd0d0ce82dd45697dba4026 0 udp 221.208.208.206 33501 69.105.125.186 1026 open unknown 1 0 502 0 0 0
2005-12-28 21:59:34 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef396 93364 tcp 69.105.125.186 61241 209.132.177.100 443 closed https 14 13 1527 3096 0 0
2005-12-28 22:01:09 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef3c6 494 tcp 69.105.125.186 61244 209.132.177.100 443 closed https 14 12 1767 3040 0 0
2005-12-28 22:02:09 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef3d6 487 tcp 69.105.125.186 61245 209.132.177.100 443 closed https 14 12 1527 3056 0 0
2005-12-28 22:02:10 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef3e6 9395 tcp 69.105.125.186 61246 209.132.177.100 443 closed https 14 13 1767 3080 0 0
2005-12-28 21:57:26 home.lan eth1 (null) ffffffffdd0ca16ee50d45697dba4046 0 udp 221.12.161.110 58637 69.105.125.186 1028 open unknown 1 0 542 0 0 0
2005-12-28 22:02:50 home.lan eth1 eth1 ffffffffccd109101e6145697dbaef3f6 17208 tcp 69.105.125.186 61247 204.209.9.16 7777 closed DynSite 5 3 338 1093 0 0
2005-12-28 22:03:09 home.lan eth1 eth1 ffffffffcd9e3e6b6e45697dbaef406 479 tcp 69.105.125.186 61248 205.158.62.107 110 closed pop3 9 11 418 575 0 0
2005-12-28 22:03:19 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef426 492 tcp 69.105.125.186 61250 209.132.177.100 443 closed https 14 12 1767 3040 0 0
2005-12-28 22:03:19 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef416 481 tcp 69.105.125.186 61249 209.132.177.100 443 closed https 14 12 1527 3056 0 0
2005-12-28 22:04:14 home.lan eth1 eth1 267655155045697dbaef436 284 tcp 69.105.125.186 61251 38.118.85.21 80 closed http 5 4 465 355 0 0
2005-12-28 22:04:20 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef456 3394 tcp 69.105.125.186 61253 209.132.177.100 443 closed https 14 13 1527 3096 0 0
2005-12-28 21:59:19 home.lan eth1 (null) ffffffffd81bb92a7b45697dbaef376 0 udp 69.105.125.186 61239 216.27.185.42 123 open ntp 1 0 76 0 0 0
2005-12-28 21:59:28 home.lan eth1 (null) ffffffffd8dac0ca7b45697dbaef386 0 udp 69.105.125.186 61240 216.218.192.202 123 open ntp 1 0 76 0 0 0
2005-12-28 21:59:41 home.lan eth1 eth1 42bbe0047b45697dbaef3a6 87 udp 69.105.125.186 61242 66.187.224.4 123 open ntp 1 1 76 76 0 0
2005-12-28 22:04:23 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef466 9395 tcp 69.105.125.186 61254 209.132.177.100 443 closed https 14 13 1767 3080 0 0
2005-12-28 22:05:24 home.lan eth1 eth1 42a3ab815045697dbaef476 1042 tcp 69.105.125.186 61255 66.163.171.129 80 closed http 20 33 1749 42815 0 0
2005-12-28 22:00:52 home.lan eth1 eth1 ffffffff80d06d077b45697dbaef3b6 29 udp 69.105.125.186 61243 128.208.109.7 123 open ntp 1 1 76 76 0 0
2005-12-28 22:05:27 home.lan eth1 eth1 45697dbaef4a45e25c45506 60959 tcp 69.105.125.186 61258 69.226.92.69 80 open http 5 3 499 599 0 0
2005-12-28 22:05:27 home.lan eth1 eth1 45697dbaef4945e25c45506 60959 tcp 69.105.125.186 61257 69.226.92.69 80 open http 5 4 513 2440 0 0
2005-12-28 22:05:27 home.lan eth1 eth1 45697dbaef4b45e1af63506 60571 tcp 69.105.125.186 61259 69.225.175.99 80 open http 5 3 606 319 0 0
2005-12-28 22:05:27 home.lan eth1 eth1 45697dbaef4845e25c4c506 66121 tcp 69.105.125.186 61256 69.226.92.76 80 open http 18 18 2298 18752 0 0
2005-12-28 22:04:17 home.lan eth1 eth1 400996861bb45697dbaef446 150864 tcp 69.105.125.186 61252 64.9.150.134 443 open https 8 8 1443 2381 0 0
2005-12-28 22:02:50 home.lan eth1 eth1 ffffffffccd109101e6145697dbaef3f6 600770 tcp 69.105.125.186 61247 204.209.9.16 7777 closed DynSite 6 3 378 1093 0 0
2005-12-28 21:57:32 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef326 1795482 tcp 69.105.125.186 61234 209.132.177.100 443 closed https 10 9 1570 2227 0 0
2005-12-28 21:56:23 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef306 1865153 tcp 69.105.125.186 61232 209.132.177.100 443 closed https 10 9 1330 2227 0 0
2005-12-28 21:54:55 home.lan eth1 (null) ffffffffddd0d0ce82dd45697dba4026 7114573 udp 221.208.208.206 33501 69.105.125.186 1026 open unknown 3 0 1506 0 0 0
2005-12-28 21:48:00 home.lan eth1 eth1 ffffffffce0d1c0c3545697dbae5006 11480920 udp 69.105.125.186 58624 206.13.28.12 53 open domain 268 260 20855 54209 0 0
2005-12-28 21:50:10 home.lan eth1 eth1 ffffffffcf2e062e74745697dbae32c6 17327419 tcp 69.105.125.186 58156 207.46.6.46 1863 open MSN-Messenger 70 80 3010 3350 0 0
2005-12-28 21:47:55 home.lan eth1 (null) ffffffffffffffff430446 17512932 udp 0.0.0.0 68 255.255.255.255 67 open bootps 275 0 158400 0 0 0
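
Added example (not part of DNA itself): a Python parser for the session output above that handles the two-token startTime, collapses repeated lines for the same sessionKey, and lists sessions with no server->client packets. The function names are this example's own, the sample lines are copied from the output above, and keeping the longest-duration line per key is an assumption about how repeated flushes should be read.

```python
from collections import namedtuple
from datetime import datetime

# Column names exactly as they appear in the Session Output header line.
FIELDS = ("startTime sensorName interfaceF1 interfaceF2 sessionKey duration "
          "protocolName clientAddr clientPort serverAddr serverPort status "
          "serviceName packetsSent packetsRecv dataSent dataRecv "
          "retryPktSent retryPktRecv").split()
Session = namedtuple("Session", FIELDS)
INT_FIELDS = ("duration", "clientPort", "serverPort", "packetsSent",
              "packetsRecv", "dataSent", "dataRecv", "retryPktSent", "retryPktRecv")

def parse_line(line):
    """Parse one output record; startTime occupies two whitespace tokens."""
    tok = line.split()
    if len(tok) != len(FIELDS) + 1:
        raise ValueError("expected %d tokens, got %d" % (len(FIELDS) + 1, len(tok)))
    start = datetime.strptime(tok[0] + " " + tok[1], "%Y-%m-%d %H:%M:%S")
    rec = dict(zip(FIELDS, [start] + tok[2:]))
    for name in INT_FIELDS:
        rec[name] = int(rec[name])
    if rec["interfaceF2"] == "(null)":   # no server->client flow was captured
        rec["interfaceF2"] = None
    return Session(**rec)

def latest_per_session(records):
    """Keep one record per sessionKey: the one with the longest duration
    (assumption: a later flush of the same session reports a longer duration)."""
    best = {}
    for r in records:
        if r.sessionKey not in best or r.duration > best[r.sessionKey].duration:
            best[r.sessionKey] = r
    return list(best.values())

def one_way(records):
    """Sessions in which the server never sent a packet back to the client."""
    return [r for r in records if r.packetsRecv == 0]

# Lines copied from the sample output above (two keys appear twice).
SAMPLE = """\
2005-12-28 21:53:21 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef2a6 17367 tcp 69.105.125.186 61226 209.132.177.100 443 closed https 9 8 1290 2187 0 0
2005-12-28 21:54:55 home.lan eth1 (null) ffffffffddd0d0ce82dd45697dba4026 0 udp 221.208.208.206 33501 69.105.125.186 1026 open unknown 1 0 502 0 0 0
2005-12-28 21:53:21 home.lan eth1 eth1 ffffffffd184b1641bb45697dbaef2a6 122019 tcp 69.105.125.186 61226 209.132.177.100 443 closed https 11 9 1370 2227 0 0
2005-12-28 21:51:17 home.lan eth1 eth1 42bbe0047b45697dbaef216 79 udp 69.105.125.186 61217 66.187.224.4 123 open ntp 1 1 76 76 0 0
2005-12-28 21:54:55 home.lan eth1 (null) ffffffffddd0d0ce82dd45697dba4026 7114573 udp 221.208.208.206 33501 69.105.125.186 1026 open unknown 3 0 1506 0 0 0
"""

if __name__ == "__main__":
    for s in one_way(latest_per_session(parse_line(l) for l in SAMPLE.splitlines())):
        print(s.clientAddr, "->", s.serverAddr, s.serverPort, s.packetsSent, "packets, no reply")
```

Summing packet or byte counters over the raw lines without first collapsing by sessionKey counts the same session more than once.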