Distinguish no payload and no first packet

LibtraceTeam / libprotoident

Network traffic classification library that requires minimal application payload

GNU Lesser General Public License v3.0

206 stars 60 forks source link

Distinguish no payload and no first packet #25

Closed romain-fontugne closed 6 years ago

romain-fontugne commented 6 years ago

Hi, We had very large flows classified as "No_Payload" because we couldn't observe the first few packets. The name "No_Payload" is very confusing in this case. I made a another class "No_FirstPkt" that takes care of this.

salcock commented 6 years ago

Sounds perfectly reasonable to me. Thanks for that.