From 4b8c8608d146c5407c6180a5698057c146e0d60b Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Sun, 5 Jul 2020 18:36:57 +0200
Subject: Improved HTTP line parsing if request splitted into multiple packets.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 tests/pcap/http-lines-split.pcap       | Bin 0 -> 2751 bytes
 tests/result/http-lines-split.pcap.out |   3 +++
 2 files changed, 3 insertions(+)
 create mode 100644 tests/pcap/http-lines-split.pcap
 create mode 100644 tests/result/http-lines-split.pcap.out

(limited to 'tests')

diff --git a/tests/pcap/http-lines-split.pcap b/tests/pcap/http-lines-split.pcap
new file mode 100644
index 000000000..01570c76c
Binary files /dev/null and b/tests/pcap/http-lines-split.pcap differ
diff --git a/tests/result/http-lines-split.pcap.out b/tests/result/http-lines-split.pcap.out
new file mode 100644
index 000000000..99f6f1415
--- /dev/null
+++ b/tests/result/http-lines-split.pcap.out
@@ -0,0 +1,3 @@
+HTTP	14	2503	1
+
+	1	TCP 192.168.0.1:39236 <-> 192.168.0.20:31337 [proto: 7/HTTP][cat: Web/5][7 pkts/481 bytes <-> 7 pkts/2022 bytes][Goodput ratio: 14/81][0.00 sec][Host: toni.lan][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 69/289 92/1514 12/503][URL: toni.lan:31337/][StatusCode: 200][User-Agent: uclient-fetch][Risk: ** Known protocol on non standard port **** HTTP Suspicious User-Agent **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0]
-- 
cgit v1.2.3