A newer tool called tcpflow complements tcpdump and provides a way to do protocol flow analysis and to properly reconstruct data streams, regardless of packet order or retransmissions.
Then, the packet capture mechanism is used to collect, analyze and record the attack data.
On the basis of protocol analysis, the system uses techniques such as IP packet fragment reassembly and TCP data stream reconstruction, which lowers the rate of missed intrusion alerts (false negatives) and reduces the rate of false alerts (false positives).