Realeyes Intrusion Detection System

HOME || TECHNOLOGY

The Stream Handler plugin examines the data from the Collector and performs IP reassembly, if necessary, and then adds the data to the correct stream. If the data is a TCP packet, then the Stream performs two extra functions:

If the Stream is new, check for the other half of the session, and set both Streams to be associated with each other

Perform TCP reassembly, if necessary, and do not allow Stream Analyzers to perform analysis until the Stream is in the correct sequence and contiguous

The Stream Handler notifies the Stream Analyzers of every packet added to a Stream. It also tests for Stream completion and notifies the Action Analyzer for those Streams.

START - - - PREV - - - NEXT