cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
BeaconBits
Nickel

Difference between Session and Connection??

Jump to solution

Hello everyone,

I know that this question has answered before but allow me to say that even after reading it is still confusing.

Here I would like to know from 'Checkpoint' that what actually they mean about 'Connection' and 'Session'.

Any checkpoint guru please???

Regards,

B

1 Solution

Accepted Solutions
Admin
Admin

Re: Difference between Session and Connection??

Jump to solution

A session is a collection (a superset) of connections.

A connection only tells you very basic things (layer 3-4 information) about a single TCP/UDP connection.

It does tell you how that single connection relates to others that have been seen from that same user/host. 

A session correlates what happens over several individual connections, including information from multiple blades (e.g. App Control, URL Filtering, Identity Awareness, etc) into a single log entry.

Through looking at thousands of individual connection logs manually, you could probably tell Joe Roberts spent an hour surfing Facebook.

A session log can show you this in a single log entry with the number of bytes transferred, an estimate of how long he spent, and so on, all correlated automatically. 

3 Replies
Admin
Admin

Re: Difference between Session and Connection??

Jump to solution

A connection is a single TCP connection or virtual UDP/IP Protocol session.

A session provides context for those individual connections by correlating them together.

For example, looking at connections, I can see:

  • Host X opened hundreds of connections on TCP port 443 to servers A, B, and C

Sessions correlated from the above connections tell you:

  • Joe Roberts spent 1 hour using Facebook

Hope that helps.

BeaconBits
Nickel

Re: Difference between Session and Connection??

Jump to solution

Hi Dameon,

Thanks for the explanation.

Do you mind explaning in more example? I'm more looking into what sort of information we can see in session that we can't see in Connection.

OR

Does a Session is a subset of the Connection?

Regards,

Shaiq

0 Kudos
Admin
Admin

Re: Difference between Session and Connection??

Jump to solution

A session is a collection (a superset) of connections.

A connection only tells you very basic things (layer 3-4 information) about a single TCP/UDP connection.

It does tell you how that single connection relates to others that have been seen from that same user/host. 

A session correlates what happens over several individual connections, including information from multiple blades (e.g. App Control, URL Filtering, Identity Awareness, etc) into a single log entry.

Through looking at thousands of individual connection logs manually, you could probably tell Joe Roberts spent an hour surfing Facebook.

A session log can show you this in a single log entry with the number of bytes transferred, an estimate of how long he spent, and so on, all correlated automatically.