Hi, pals!
I have got some some IP fragment packages of a large datagram.
(more than 1500 bytes). Can I use Bro to reassemble the IP packages?
Another question, if I have a large datagram from higher level (maybe TCP),
can I use Bro to fragment the large datagram into small IP packages?
Best regards,
George Ma
Bro reassembles ip fragments (in view that it needs to do intrusion
detection..)
Make sure that in your mt.bro there is
@load frag.bro
Whether bro will suit your need is another qn..
bro reassembles the fragments and analyses the whole packet
to detect intrusions or network anomalies...
Another question, if I have a large datagram from higher level (maybe
TCP),can I use Bro to fragment the large datagram into small IP packages?
Bro does'nt do that.