This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Need to understand 2 pass analysis?

0

Hello,

I have been looking at the 2 pass analysis (-2 -R) for a while, but I could not see the difference between "-2 -R xxx" instead of using 2 parameters "-Y xxx -Y xxx". Can someone explain that to me with some examples of how to use it, or the difference?

Thanks, Best Regards

asked 07 Feb '16, 05:53

EY-security


One Answer:

1

Among other things, 2 pass mode allows the dissection engine to update forward references, e.g. an HTTP request can have the link to the response updated as the response was dissected on the first pass after the request had initially been dissected.

answered 07 Feb '16, 08:40

grahamb ♦

Hi grahamb,

Yeah, I read all the things on the internet that explain 2 pass analysis, but when I try with some examples, the only difference I see is that the sequence numbers start at the beginning again (1, 2, ...) instead of the real sequence numbers (100, 4800, ...). Can you give me the 2 whole filters so that I can see the difference between -Y and -2 -R?

I only see the bugs in the examples given on the internet.

Thanks, Best Regards

(07 Feb '16, 13:36) EY-security

Could this answer to another question be an answer to your question too?

(19 Feb '16, 06:41) sindy
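
The forward-reference behaviour described in the answer, and the renumbering noticed in the comment, shown as an added example that is not part of the original thread and is not Wireshark code. It is a simplified Python model of tshark's pass handling: the capture is constructed, and `dissect`, `one_pass`, `two_pass`, `answered` and `not_dns` are hypothetical names; `answered` stands in for a filter on a forward-looking field such as `http.response_in`.

```python
# Simplified model of tshark pass handling; not Wireshark code.
# Constructed capture: (kind, stream) per packet, in capture order.
CAPTURE = [("dns", 0), ("request", 1), ("dns", 0), ("response", 1), ("request", 2)]

def dissect(packets, state, read=None):
    """Dissect in order. `state` persists across passes (like conversation data).
    A frame failing `read` is dropped and later frames take its number."""
    frames = []
    for pkt in packets:
        kind, stream = pkt
        number = len(frames) + 1
        pair = state.setdefault(stream, {})
        pair.setdefault(kind, number)          # first frame of each kind per stream
        frame = {"number": number, "kind": kind}
        if kind == "request":
            # Forward reference (cf. http.response_in): unknown until the
            # response has been dissected at least once.
            frame["response_in"] = pair.get("response")
        if read is None or read(frame):
            frames.append((pkt, frame))
    return frames

def one_pass(display):
    """Models `tshark -r FILE -Y <display>`: filter runs as each frame is dissected."""
    return [f["number"] for _, f in dissect(CAPTURE, {}) if display(f)]

def two_pass(display, read=None):
    """Models `tshark -r FILE -2 [-R <read>] -Y <display>`."""
    state = {}
    survivors = [pkt for pkt, _ in dissect(CAPTURE, state, read)]             # pass 1
    return [f["number"] for _, f in dissect(survivors, state) if display(f)]  # pass 2

def answered(frame):      # stands in for a filter on a forward-looking field
    return frame.get("response_in") is not None

def not_dns(frame):       # stands in for a filter such as "not dns"
    return frame["kind"] != "dns"

if __name__ == "__main__":
    print("-Y answered               ->", one_pass(answered))
    print("-2 -Y answered            ->", two_pass(answered))
    print("-2 -R not_dns -Y answered ->", two_pass(answered, read=not_dns))
    print("-2 -R answered            ->", two_pass(lambda f: True, read=answered))
```

In the model, the one-pass display filter never matches the request, the two-pass display filter matches it as frame 2, and adding a first-pass read filter that drops the DNS frames makes the same request come out as frame 1. A forward-looking field used as the read filter itself matches nothing, because it has not been calculated when the first pass evaluates it.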