Glossary

Plixer FlowPro Terms

BotNet

A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge

Command and Control

Command and Control cyberattacks (C2 or C&C) happen when bad actors infiltrate a system and install malware that lets them remotely send commands from a C2 server to infected devices

Data exfiltration

Unauthorized data transfer, either manually from a device or over a network

DGA (Domain Generation Algorithms)

Algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with the command and control servers

DNS Data Leak

DNS server requests that are visible to third parties

Domain Reputation List

List of domains that have been determined, with a high probability, to be “bad domains”

DPI (Deep Packet Inspection)

An advanced method of examining and managing network traffic, functioning at the application layer of the OSI model

JA3 Signature

A method to fingerprint an SSL/TLS client connection based on fields in the Client Hello message from the SSL/TLS handshake. So named as it was first published by John Althouse, Jeff Atkinson, and Josh Atkins from Salesforce in 2017.

NXDOMAIN (Non-Existent Domain)

DNS response code indicating that the queried domain name does not exist, either because it is not registered or because it is invalid

Observation Domain

A value used by the collector device to group devices when receiving data sessions

plixer.ini

Plixer FlowPro configuration file.

Trusted Domain list

List of domains that are allowed on the network (whitelisted)

General Networking Terms

2LD (Second-level Domain)

Part of the naming convention for domain names. For example, in example.com, example is the second-level domain under the .com TLD (top-level domain)

3LD (Third-level Domain)

The next level of the domain naming hierarchy below the 2LD. For example, in www.mydomain.com, www is the third-level domain

API (Application Programming Interface)

A software component that allows applications to share data and functionality

CA (Certification Authority)

A trusted entity that issues, signs, and stores digital certificates

CIDR (Classless Inter-Domain Routing)

An Internet Protocol addressing method that improves the efficiency of allocating IP addresses. The general way of representing the CIDR IP address is a.b.c.d/n with n representing the number of bits used for the identification of the network.

CLI (Command-line Interface)

A text-based interface for applications and operating systems that allows a user to enter commands and receive

Collector

SIEMs, flow collectors, SNMP trap receivers, or other network management systems that analyze data forwarded by the Plixer Replicator from other networked devices

DNS (Domain Name System)

The system by which computers and other devices on the Internet or Internet Protocol networks are uniquely identified using names matched to their IP addresses

Egress

Traffic that exits a device or network

ERSPAN (Encapsulated Remote Switched Port Analyzer)

A Cisco proprietary feature that encapsulates all captured (mirrored) traffic in generic routing encapsulation (GRE) so that it can be carried across Layer 3 domains

Exporter

A networked device such as a router, switch, or server that generates data and sends it to the Plixer Replicator for replication and forwarding

Fault tolerance

A system’s ability to continue operating without interruptions in the event of a hardware or software failure

FQDN (Fully Qualified Domain Name)

The complete domain name of a specific computer, host, or online presence. For example, the FQDN of Plixer’s website would be www.plixer.com

GRE (Generic Routing Encapsulation)

A tunneling protocol developed by Cisco Systems

IP address

A unique numerical label assigned to a networked device

IPFIX (Internet Protocol Flow Information Export)

A protocol that standardizes Internet Protocol flow information from networked devices

Latency

The latency of a network is the time it takes for a data packet to be transferred from its source to the destination

LDAP (Lightweight Directory Access Protocol)

An open, cross-platform protocol used to authenticate users and to store and look up information about users, groups, and applications

MAC (Media Access Control) address

A unique hardware identifier typically assigned by manufacturers to network adapters and devices

NIC (Network Interface Card)

An adapter that provides a device with a network connection, either wired or wireless

OVF (Open Virtualization Format)

An open standard for packaging and distributing virtual machines and software applications

Packet

A block of data transmitted across a network

Redundancy

Duplicated or alternative network devices and connections meant to serve as failsafes if the primary service becomes unavailable

Router

A device that forwards or routes data packets to devices on a network

Server

A system or device that provides resources, data, services, or applications to other devices over a network

SIP/RTP (Session Initiation Protocol/Real-time Transport Protocol)

SIP is the signaling (control) protocol, and RTP is the media (payload) protocol used to send and receive Voice over IP (VoIP) calls

SSH (Secure Shell Protocol)

A network communication protocol that allows network services to be used securely over an unsecured network

SSL (Secure Sockets Layer)

A protocol for establishing secure connections between networked devices

Switch

A device that connects devices in a network and allows them to communicate with each other

Syslog

A standard for message logging that allows a wide variety of networked devices to share the same repositories and management systems

TLS (Transport Layer Security) handshake

TLS is a network protocol used to ensure secure and private communications over the internet. A TLS handshake is the exchange that begins a communication session using TLS encryption

UDP (User Datagram Protocol)

A communication protocol used by applications to send messages to other hosts on an Internet Protocol network via low-latency, loss-tolerating connections

Virtual appliance

A pre-configured virtual machine image with pre-installed software meant to serve a specific function

VoIP (Voice over Internet Protocol)

A technology that allows voice calls using an internet connection