The Stream Handler plugin examines the data from the
Collector and performs IP reassembly, if necessary, and
then adds the data to the correct stream. If the data
is a TCP packet, then the Stream performs two extra
functions:
- If the Stream is new, check for the other half of
the session, and set both Streams to be associated with
each other
- Perform TCP reassembly, if necessary, and do not
allow Stream Analyzers to perform analysis until the
Stream is in the correct sequence and contiguous
The Stream Handler notifies the Stream Analyzers of every
packet added to a Stream. It also tests for Stream completion
and notifies the Action Analyzer for those Streams.
|
