From 0cb951f143285a599a6d831c6fc2b3cb89d6aa67 Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Fri, 10 Jan 2025 17:52:51 +0100
Subject: Improved WebSocket-over-HTTP detection

 * detect `chisel` SSH-over-HTTP-WebSocket
 * use `strncasecmp()` for `LINE_*` matching macros

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 tests/cfgs/default/result/log4j-webapp-exploit.pcap.out | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tests/cfgs/default/result/log4j-webapp-exploit.pcap.out')

diff --git a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
index 8a4c29870..acee52645 100644
--- a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
+++ b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
@@ -1,7 +1,7 @@
 DPI Packets (TCP):	56	(8.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 358 (51.14 diss/flow)
+Num dissector calls: 361 (51.57 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
-- 
cgit v1.2.3