author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-30 22:57:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-30 22:57:20 +0200 |
commit | 2a596c79e6df7f78dea6ee3b581b4ed99d48bd7b (patch) | |
tree | 9479d3fa6c0be8761f091a57b11fe323ab02b2c8 /tests/pcap/ftp.pcap | |
parent | 8b6a00f84bff9c998643d823502ae9f924fce528 (diff) |
HTTP: fix classification (#1692)
If we have a valid HTTP session, we should ignore
`flow->guessed_protocol_id` field (i.e. classification "by-port")
altogether.
The attached trace was classified as "SIP/HTTP" only because the *client*
port was 5060...
As a general rule, having a classification such as "XXXX/HTTP" is
*extremely* suspicious.
Diffstat (limited to 'tests/pcap/ftp.pcap')
0 files changed, 0 insertions, 0 deletions