Definition
In cybersecurity, a 5-tuple is a set of five specific data elements uniquely identifying a connection or network session.
It consists of destination port numbers, origin port numbers, endpoint IP addresses, sourced IP addresses, and the particular protocol in use, such as TCP or UDP.
5-Tuple Applications in Cybersecurity
- Load balancing: Load balancers use 5-tuples to track user activity to ensure a user’s data goes to one specific server.
- Network monitoring and analysis: The 5-tuple can track specific sessions, connections, and potential security threats or performance issues.
- Network classification and traffic filtering: Some routers, firewalls, and other network connection tools use 5-tuples to split and categorize network traffic, allowing or blocking packets based on predefined rules matching these values.