Skip to content
Log in

Session tuple

Definition

The five-element identifier for a network session: source IP, source port, destination IP, destination port, and protocol. The session tuple is the primary anchor for correlating firewall, proxy, and packet-capture records that belong to the same connection.

Related terms

Anchor event
A log entry that can be identified with high confidence across two or more log sources, used to verify relative clock offsets...
Clock skew
The difference between a device's local clock and a trusted reference time such as UTC. Skew accumulates due to hardware drift, timezone...
DHCP lease log
A record maintained by a Dynamic Host Configuration Protocol server that maps each IP address assignment to the requesting device's MAC address,...
Log normalisation
The conversion of log entries from their native format into a common schema, typically a structured record with a corrected UTC timestamp,...
NAT (Network Address Translation)
A mechanism by which a router replaces private source IP addresses with a single public IP address before forwarding packets to the...

Explained in

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account