Skip to content
Log in

Stream reassembly

Definition

The process of collecting all the TCP segments belonging to a single connection and reordering them by sequence number to reconstruct the complete application-layer payload. Required because TCP segments may arrive out of order or be fragmented across multiple packets.

Related terms

Artefact carving
Extracting embedded content from raw data by locating known file signatures (magic bytes) at byte boundaries. In PCAP analysis, this means reassembling...
Beaconing
Periodic outbound connections from a compromised host to a command-and-control server, typically at regular intervals. The regularity of the interval, measured in...
Display filter
A Wireshark filter expression applied to an already-captured PCAP file to show only packets matching specified criteria. Display filters do not delete...
PCAP
Packet capture file. The standard format for storing captured network frames, originally defined by the libpcap library. Each record contains the raw...
Protocol dissector
A software component in a packet analyser that recognises a specific protocol and parses its header fields into named, readable values. Wireshark...

Explained in

  • Traffic Analysis and Protocol DissectionThe process of collecting all the TCP segments belonging to a single connection and reordering them by sequence number to reconstruct the complete application-...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account