Cisco Systems IPS4510K9 manual CtlTransSource, Pep

Appendix A System Architecture

MainApp

•TCP streams in embryonic state

•TCP streams in established state

•TCP streams in closing state

•TCP streams in system

•TCP packets queued for reassembly

•Total nodes active

•TCP nodes keyed on both IP addresses and both ports

•UDP nodes keyed on both IP addresses and both ports

•IP nodes keyed on both IP addresses

•Sensor memory critical stage

•Interface status

•Command and control packet statistics

•Fail-over state

•System uptime

•CPU usage

•Memory usage for the system

•PEP

Note Not all IPS platforms support PEP.

The NotificationApp provides the following statistics:

•Number of error traps

•Number of event action traps

•Number of SNMP GET requests

•Number of SNMP SET requests

CtlTransSource

The CtlTransSource is an application that forwards locally initiated remote control transactions to their remote destinations using HTTP protocol. The CtlTransSource initiates either TLS or non-TLS connections and communicates remote control transactions to HTTP servers over these connections.

The CtlTransSource must establish sufficient credentials on the remote HTTP server to execute a remote control transaction. It establishes its credentials by presenting an identity to the HTTP server on the remote node in the form of a username and password (basic authentication). When the authentication is successful, the requestor is assigned a cookie containing a user authentication that must be presented with each request on that connection.

The transactionHandlerLoop method in the CtlTransSource serves as a proxy for remote control transaction. When a local application initiates a remote control transaction, IDAPI initially directs the transaction to the CtlTransSource. The transactionHandlerLoop method is a loop that waits on remote control transactions that are directed to the CtlTransSource.