Kaspersky Industrial CyberSecurity for Networks

Network session monitoring

March 22, 2024

ID 257980

Kaspersky Industrial CyberSecurity for Networks can detect, in industrial network traffic, the network sessions that devices create to connect with other devices. The application registers the detected network sessions and saves information that you can use to analyze the network activity of devices and to download data about transmitted network packets from traffic dump files. Unlike connections on the network interaction map, registered network sessions provide more detailed information about device interactions, in part because sessions are registered separately for each port and protocol used in the interactions.

The application detects network sessions if the Network Session Detection method, which is based on the Asset Control technology, is enabled. Network sessions can be detected when analyzing traffic received by monitoring points, as well as when receiving data from EPP applications.

Each registered network session contains information about the connection between two devices, which are the interaction sides. A network session is characterized by the address information of the interaction sides (MAC and/or IP addresses), port numbers, and the application protocol that was used for the connection. The first device in a network session is usually the device that initiates the sending of network packets to the other device.

A network session is considered completed if no network packets are sent during one minute within this session or if the network session detection technology is disabled on the corresponding node or monitoring point.

If an excessive number of network sessions are detected, the application applies the following session registration restrictions:

  • The number of registered sessions between the two interaction sides using the same application protocol doesn't exceed 1000 per minute
  • The total number of registered sessions between the two interaction sides is no more than 5000 per minute
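The session rules above (one-minute idle completion and the per-minute registration limits), modeled in Python as an added example; this is not Kaspersky's code. Assumptions: all function and field names are hypothetical, the limits are counted in fixed clock minutes, sessions over a limit are tracked but not recorded, and the sample traffic is constructed.

```python
from collections import defaultdict

IDLE_TIMEOUT = 60      # seconds of silence after which a session is completed
PER_PROTO_CAP = 1000   # sessions/minute between two sides, same application protocol
PER_PAIR_CAP = 5000    # sessions/minute between two sides, all protocols

def register_sessions(packets):
    """packets: (ts, src, sport, dst, dport, proto) tuples sorted by ts (seconds).
    Returns (registered_sessions, unregistered_count)."""
    active = {}                    # flow key -> session currently being tracked
    registered, unregistered = [], 0
    per_proto = defaultdict(int)   # (minute, pair, proto) -> sessions registered
    per_pair = defaultdict(int)    # (minute, pair) -> sessions registered
    for ts, src, sport, dst, dport, proto in packets:
        # Direction-independent key: both endpoints plus application protocol.
        key = (frozenset([(src, sport), (dst, dport)]), proto)
        cur = active.get(key)
        if cur is not None and ts - cur["end"] < IDLE_TIMEOUT:
            cur["end"] = ts        # packet belongs to the still-open session
            cur["packets"] += 1
            continue
        # No open session for this key (or idle >= 60 s): a new session starts.
        pair, minute = frozenset([src, dst]), int(ts // 60)
        cur = {"first": (src, sport), "second": (dst, dport), "proto": proto,
               "start": ts, "end": ts, "packets": 1}
        active[key] = cur
        if (per_proto[minute, pair, proto] >= PER_PROTO_CAP
                or per_pair[minute, pair] >= PER_PAIR_CAP):
            unregistered += 1      # assumed behavior: over the limit, not recorded
            continue
        per_proto[minute, pair, proto] += 1
        per_pair[minute, pair] += 1
        registered.append(cur)
    return registered, unregistered

def sample_traffic():
    """Constructed sample: a Modbus exchange with a long pause, then a connection burst."""
    plc, hmi, ews = "10.0.0.10", "10.0.0.20", "10.0.0.30"
    pkts = [(0, hmi, 49152, plc, 502, "modbus"),
            (30, plc, 502, hmi, 49152, "modbus"),   # reply, same session
            (95, hmi, 49152, plc, 502, "modbus")]   # 65 s gap: new session
    # 1200 connections from distinct source ports inside one clock minute.
    pkts += [(120 + i * 0.01, ews, 20000 + i, plc, 502, "modbus") for i in range(1200)]
    return pkts
```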

The application saves network session data in the database on the Server. The total volume of saved entries cannot exceed the defined limit. If the volume exceeds the defined limit, the application automatically deletes 10% of the oldest entries. You can set a maximum volume limit for the network sessions when configuring data storage settings on the Server node in the Network sessions section.

You can view information about network sessions on the Network sessions tab in the Network map section.

In this section:

Network sessions table

Viewing network session details

Downloading network session traffic
