The role of packet decoding (Codecs)
As mentioned earlier, packet decoding is the process of inspecting and interpreting the various protocol headers in a network packet. The process is very similar to the decapsulation and decoding of network packets at the destination host. The decoding process also includes the necessary validation of the header fields; for example, the checksum values will be validated. Any abnormalities in the protocol headers are detected during this phase. These may be due to benign or malicious reasons. The decoding phase may generate alerts for such abnormalities if the NIDS is configured accordingly.
Codecs do not perform complex tasks such as session management or IP fragmentation reassembly. Rather, they decode the respective protocol headers (and populate the corresponding internal data structures) so as to enable the subsequent modules (such as inspectors) to perform their role.
In addition to performing the decapsulation process for every packet...
