nDPI/tests/pcap/http_on_sip_port.pcap
Ivan Nardi 2a596c79e6
HTTP: fix classification (#1692)
If we have a valid HTTP session, we should ignore
`flow->guessed_protocol_id` field (i.e. classification "by-port")
altogether.

The attached trace was classified as "SIP/HTTP" only because the *client*
port was 5060...
As a general rule, having a classification such as "XXXX/HTTP" is
*extremely* suspicious.
2022-07-30 22:57:20 +02:00

2 KiB