The previous slide and the slide above demonstrate an example
of Actions that must be found in both halves of a TCP session.
The display of the HTTP Response Triggers include the line
Wt:5 Sup:F Seq:0 EOL:F NOT:T XOR:T
which indicates that the NOT and XOR flags are set. The NOT flag
means that if a valid HTTP response is detected, the Action is not
reported. The XOR flag means that only one of the Triggers can
be applied to a single Action.
|
