[Bro] about "reassembles IP fragments"
cliff
zwei03 at citiz.net
Thu Oct 21 18:56:10 PDT 2004
Hi all,
In Vern's paper,bro:a system for detecting network intruders in real-time,there are the following sentences:
"The resulting filtered packet stream is then handed up to the next layer, the Bro ``event engine.'' This layer first performs several integrity checks to assure that the packet headers are well-formed, including verifying the IP header checksum. If these checks fail, then Bro generates an event indicating the problem and discards the packet. It is also at this point that Bro reassembles IP fragments so it can then analyze complete IP datagrams."
Howerver,I can't find the implementation detail from source code,i.e."verifying the IP header checksum" and "reassembles IP fragments".
I wish get your help.Thanks a lot!
Best Regards,
Cliff
More information about the Bro
mailing list