Stream Inspectors
Network traffic consists of packets or frames, which are the fundamental units of data transmission. These packets originate from a source endpoint and are transmitted to one or more destination endpoints. However, individual packets are usually part of something bigger. For instance, when a web server communicates with a browser using HTTP, the data is divided into manageable pieces and sent as packets across the network. To conduct meaningful analysis, it is necessary to examine the data units of the underlying protocol, such as HTTP, rather than focusing solely on individual packets.
The analysis of network traffic becomes more complex due to the presence of numerous servers and clients concurrently exchanging data. When received by an IDS or IPS, the individual packets from different sources can become interspersed. Therefore, it becomes crucial for the IDS/IPS to accurately group these packets based on the relevant TCP connections and reconstruct the...
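The grouping and in-order reconstruction described above, as an added Python example (not code from the original page or from any IDS project). The addresses, ports, sequence numbers and payloads are constructed, and the model is simplified: one direction only, no handshake tracking or sequence wraparound, and the first copy of overlapping bytes is kept.

```python
from collections import defaultdict

# Constructed sample traffic: (src, sport, dst, dport, seq, payload).
# Two clients talk to one server; segments arrive interleaved and out of order.
SEGMENTS = [
    ("10.0.0.5", 40001, "10.0.0.80", 80, 1000, b"GET /index"),
    ("10.0.0.9", 40002, "10.0.0.80", 80, 5000, b"GET /logo.png HT"),
    ("10.0.0.5", 40001, "10.0.0.80", 80, 1026, b"Host: example.test\r\n\r\n"),
    ("10.0.0.9", 40002, "10.0.0.80", 80, 5016, b"TP/1.1\r\n\r\n"),
    ("10.0.0.5", 40001, "10.0.0.80", 80, 1010, b".html HTTP/1.1\r\n"),
    ("10.0.0.5", 40001, "10.0.0.80", 80, 1010, b".html HTTP/1.1\r\n"),  # retransmission
]
PATTERN = b"/index.html"  # constructed content pattern that spans two segments


def group_by_flow(segments):
    """Bucket segments by connection key so interleaved flows do not mix."""
    flows = defaultdict(list)
    for src, sport, dst, dport, seq, payload in segments:
        flows[(src, sport, dst, dport)].append((seq, payload))
    return flows


def reassemble(segs):
    """Return the contiguous byte stream starting at the lowest sequence number."""
    ordered = sorted(segs)
    expected = ordered[0][0]
    stream = bytearray()
    for seq, payload in ordered:
        if seq > expected:
            break                      # gap: later data must wait for the missing bytes
        skip = expected - seq          # bytes already delivered (duplicate or overlap)
        if skip >= len(payload):
            continue                   # pure retransmission, nothing new
        stream += payload[skip:]
        expected = seq + len(payload)
    return bytes(stream)


def per_packet_hits(segments, pattern):
    """Match the pattern against each packet payload in isolation."""
    return [s for s in segments if pattern in s[5]]


def stream_hits(segments, pattern):
    """Match the pattern against each reassembled flow."""
    flows = group_by_flow(segments)
    return sorted(key for key, segs in flows.items() if pattern in reassemble(segs))
```

On this sample, inspecting packets one at a time finds nothing because the pattern straddles a segment boundary, while inspecting the reassembled stream flags the one flow that carries it.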