[Snort-users] Reassembled packets from Frag3 and Stream5

Rayne hjazz6 at ...14432...
Tue Oct 14 04:42:51 EDT 2008


Hi all,

I know that Frag3 reassembles IP fragments, and Stream5 reassembles TCP fragments. So are the reassembled packets identical, i.e. in terms of payload? And wouldn't this increase the volume of traffic passed into the detection engine and cause it to run slower, since there are now more packets to check against the rules?

Thank you.

Regards,
Rayne



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20081014/19195c0f/attachment.html>


More information about the Snort-users mailing list