What is 'session splicing' in the context of packet crafting?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What is 'session splicing' in the context of packet crafting?

Explanation:
Session splicing is a packet‑crafting technique where a single session’s data is split into many tiny pieces and sent across multiple packets, often interleaving with other traffic. The attacker crafts those packets with small payloads so each one looks innocuous to security tools, making it harder for IDS/IPS or WAFs to detect the overall pattern. When the packets reach the destination, the legitimate endpoint reassembles them into the original stream, allowing the session to proceed while evading per-packet detection. This differs from simply merging sessions or resetting a connection, and it’s not merely about reassembling fragmented IP packets at the destination. The emphasis is on distributing small, benign-looking chunks to slip past defenses while still achieving a coherent session on the receiving end.

