TCP Session Reconstruction
Session reconstruction involves correlating the captured packets in order to obtain the information sent between two applications on a single communication channel. Unlike other traffic analyzers RedSplice has a working mode centered on sessions instead of packets.
This is because for humans is much easier to understand high level data instead of a very specific data that requires advanced knowledge of network protocols. Having the information decoded and assembled in a easy to read form, makes RedSplice a tool that is easy to use even for those who have little knowledge of network protocols.
RedSplice implements three ways of viewing the captured sessions: Packet View, Ascii View and Smart View. Packet View allows the user to visualize the traffic in a hexadecimal format with a representation that distinguishes between data sent by the client from data sent by the server. Ascii View presents to the user a text representation of the data extracted from the packets. The data extracted corresponds to the upper layers of the OSI model. Smart View is a mode of visualization that presents the information formatted according to the high level application protocol.