Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix A System Architecture
MainApp
• TCP streams in embryonic state
• TCP streams in established state
• TCP streams in closing state
• TCP streams in system
• TCP packets queued for reassembly
• Total nodes active
• TCP nodes keyed on both IP addresses and both ports
• UDP nodes keyed on both IP addresses and both ports
• IP nodes keyed on both IP addresses
• Sensor memory critical stage
• Interface status
• Command and control packet statistics
• Fail-over state
• System uptime
• CPU usage
• Memory usage for the system
• PEP
Note: Not all IPS platforms support PEP.
The NotificationApp provides the following statistics:
• Number of error traps
• Number of event action traps
• Number of SNMP GET requests
• Number of SNMP SET requests
CtlTransSource
The CtlTransSource is an application that forwards locally initiated remote control transactions to their
remote destinations using the HTTP protocol. The CtlTransSource initiates either TLS or non-TLS
connections and communicates remote control transactions to HTTP servers over these connections.
The CtlTransSource must establish sufficient credentials on the remote HTTP server to execute a remote
control transaction. It establishes its credentials by presenting an identity to the HTTP server on the
remote node in the form of a username and password (basic authentication). When the authentication is
successful, the requestor is assigned a cookie containing the user authentication that must be presented
with each request on that connection.
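The authentication flow described above, modeled in-process as an added example (not Cisco's code and not from the original guide): basic authentication on the first request, then the assigned cookie on each later request. RemoteNode, run_transactions, the cookie name session and the credentials are assumptions made for illustration. decode_basic also shows that the basic-authentication header decodes straight back to the username and password, which is what a non-TLS connection carries.

```python
import base64
import binascii
import hmac
import secrets

def basic_header(user, password):
    """Basic credentials: base64("user:password"). This is encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def decode_basic(header):
    """Recover (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, password = base64.b64decode(token, validate=True).decode().partition(":")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return (user, password) if sep else None

class RemoteNode:
    """Hypothetical stand-in for the HTTP server on the remote node."""
    def __init__(self, users):
        self.users = users      # username -> password (constructed sample data)
        self.sessions = {}      # issued cookie -> authenticated username

    def handle(self, headers):
        """Return (status, response_headers) for one request on the connection."""
        if headers.get("Cookie") in self.sessions:
            return 200, {}      # cookie presented: no credentials needed again
        creds = decode_basic(headers.get("Authorization", ""))
        expected = self.users.get(creds[0]) if creds else None
        if expected is not None and hmac.compare_digest(expected.encode(), creds[1].encode()):
            cookie = "session=" + secrets.token_urlsafe(16)   # cookie name is assumed
            self.sessions[cookie] = creds[0]
            return 200, {"Set-Cookie": cookie}
        return 401, {"WWW-Authenticate": 'Basic realm="sensor"'}

def run_transactions(node, user, password, count):
    """Authenticate once, then present the cookie with each later request."""
    status, resp = node.handle({"Authorization": basic_header(user, password)})
    statuses, cookie = [status], resp.get("Set-Cookie")
    while cookie and len(statuses) < count:
        statuses.append(node.handle({"Cookie": cookie})[0])
    return statuses

if __name__ == "__main__":
    print(run_transactions(RemoteNode({"operator": "constructed-pw"}), "operator", "constructed-pw", 3))
```
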
The transactionHandlerLoop method in the CtlTransSource serves as a proxy for remote control
transactions. When a local application initiates a remote control transaction, IDAPI initially directs the
transaction to the CtlTransSource. The transactionHandlerLoop method is a loop that waits on remote
control transactions that are directed to the CtlTransSource.