[Snort-users] Marking reassembled TCP segments

Amir Goldman amir180 at ...11827...
Sun Jun 26 14:05:58 EDT 2016


Is there a way of marking tcp packets that are a part of one PDU?
When going over the unified 2 files, I want to have a way of knowing when
to reassemble the packets to their original form ( like wireshark does).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160626/9e4a9a50/attachment.html>

More information about the Snort-users mailing list