Netwitness Behavior regarding wrong checksum packets
Are there documents/articles specifing Netwitness packet capture behavior and parsing regarding traffic with wrong checksums?
Are those packets dropped?
This question arised due to tests using the Snort parser to detect specific packets manipulated to perform attacks, for now, the traffic being observed shows only the response and no resquest ( the attack itself).
Grateful for any help provided!
- Community Thread
- Forum Thread
- logs and packets administration and operations
- RSA NetWitness
- RSA NetWitness Platform