A method performed in an intrusion detection/prevention system, a system
or a device for analyzing segments in a transmission in a communication
network. The transmission includes segments in the same transmission
control protocol (TCP) session. Segments in a transmission are monitored.
Data in the segments in the transmission are reassembled in an order
indicated by a segment reassembly policy, the segment reassembly policy
indicating an order specific to at least comprehensively overlapped
segments.