[Bro] Reassembling packets during inspection

Vern Paxson vern at icir.org
Sat Aug 7 18:20:03 PDT 2010

> Is it possible to reassemble TCP and UDP streams while Bro inspects a  

What do you mean by reassembling a UDP stream?  These don't have a particular
reassembly ordering associated with them.  If you just want to extract the
contents of a given UDP flow, you can do so using tcpdump directly.


More information about the Bro mailing list