reconstructing flows
Let’s say you want to search for the text “USER root”. Is it enough to just search the data portion of TCP segments you see?
USER root
(Uh oh… we have to reassemble frags and resequence segs)
Previous slide
Next slide
Back to first slide
View graphic version