I agree with Carlos answer
carlos says:
01/31/2018 at 2:33 AM
tcpdump and wireshark are -> full packet capture
web content filtering -> transaction data
traditional stateful firewall -> connection event
netflow -> session data
disagree:
Based on deffinitions below:
traditional stateful firewall -> connection event
web content filtering -> transaction specific
Connection event
Connection events are the records of any connection that occurs in a monitored network.
Transaction data
application-specific records generated from network traffic. Logs deeper connection-level information, which may span multiple packets within a connection. Must have predefined templates for protocol formatting. Common for logging HTTP header/request information, SMTP command data, etc.
I agree with Carlos answer
carlos says:
01/31/2018 at 2:33 AM
tcpdump and wireshark are -> full packet capture
web content filtering -> transaction data
traditional stateful firewall -> connection event
netflow -> session data
This is the most correct aprettiation,
disagree:
Based on deffinitions below:
traditional stateful firewall -> connection event
web content filtering -> transaction specific
Connection event
Connection events are the records of any connection that occurs in a monitored network.
Transaction data
application-specific records generated from network traffic. Logs deeper connection-level information, which may span multiple packets within a connection. Must have predefined templates for protocol formatting. Common for logging HTTP header/request information, SMTP command data, etc.
I agree, your answer is correct. The one above is wrong
Tcp dump is full packet capture
Web content filtering is transaction data
tcpdump -> full packet capture
web content filtering -> transaction data
traditional stateful firewall -> connection event
netflow -> session data
I think the answer is wrong . Tcp dump is full packet capture