Which of the following is NOT one of the 5 tuples?
- source port number
- source IP address
- destination IP address
- NetFlow record ID
The NetFlow ID appears in the NetFlow header when NetFlow is used to capture what is called a flow. A flow comprises all packets that are part of the same conversation, as defined by the 5-tuple that all of those packets share. However, the NetFlow ID is not one of the five tuples.
By using the 5-tuple to uniquely identify each communication, you can match up data from various sources that refer to the same communication.
The 5-tuple is a term that describes the 5 significant parts of each TCP connection. These 5 elements, which make each conversation unique, are:
– Source IP address
– Destination IP address
– Source port number
– Destination port number
– Protocol
The source device creates the connection and the destination accepts the connection following the TCP three-way handshake. This handshake involves three TCP packets. The first packet has the SYN flag set, indicating a desire to make a connection. The destination answers back with a TCP packet with the SYN and ACK flags set, indicating a willingness to create the connection. Finally, the source finalizes the connection with a TCP packet with only the ACK flag set.
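Matching up data from different sources by 5-tuple, as described above, is shown in this added example (not part of the original page). It goes one step further by sorting the two endpoints so that the request and reply directions of a conversation land under the same key. The flow-record field names, the firewall log format and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class FiveTuple(NamedTuple):
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str

def conversation_key(t: FiveTuple):
    # Sort the two endpoints so both directions of a conversation share one key.
    ends = sorted([(t.src_ip, t.src_port), (t.dst_ip, t.dst_port)])
    return (t.protocol.lower(), ends[0], ends[1])

def parse_flow(rec: dict) -> FiveTuple:
    # Assumed flow-record field names (src, sport, dst, dport, proto).
    return FiveTuple(rec["src"], rec["dst"], rec["sport"], rec["dport"], rec["proto"])

def parse_fw(line: str) -> FiveTuple:
    # Hypothetical firewall format: "<action> <proto> <ip>:<port> -> <ip>:<port>"
    _action, proto, src, _arrow, dst = line.split()
    (sip, sport), (dip, dport) = src.rsplit(":", 1), dst.rsplit(":", 1)
    return FiveTuple(sip, dip, int(sport), int(dport), proto)

def correlate(flows, fw_lines):
    """Group records from both sources under the conversation they belong to."""
    groups = defaultdict(lambda: {"netflow": [], "firewall": []})
    for rec in flows:
        groups[conversation_key(parse_flow(rec))]["netflow"].append(rec)
    for line in fw_lines:
        groups[conversation_key(parse_fw(line))]["firewall"].append(line)
    return dict(groups)

# Constructed sample data (documentation address ranges), not real telemetry.
NETFLOW = [
    {"src": "192.0.2.10", "sport": 49152, "dst": "198.51.100.5", "dport": 443, "proto": "tcp", "bytes": 1200},
    {"src": "198.51.100.5", "sport": 443, "dst": "192.0.2.10", "dport": 49152, "proto": "tcp", "bytes": 88000},
    {"src": "192.0.2.10", "sport": 49153, "dst": "198.51.100.5", "dport": 443, "proto": "tcp", "bytes": 300},
    {"src": "192.0.2.10", "sport": 49152, "dst": "198.51.100.5", "dport": 443, "proto": "udp", "bytes": 64},
]
FIREWALL = ["ALLOW TCP 192.0.2.10:49152 -> 198.51.100.5:443"]

if __name__ == "__main__":
    for key, g in correlate(NETFLOW, FIREWALL).items():
        print(key, len(g["netflow"]), "flow records,", len(g["firewall"]), "firewall lines")
```

The UDP record and the record from source port 49153 form their own groups even though the IP addresses match, because changing any one of the five fields identifies a different conversation.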