Issue ported from old casework github repo (issue 36).Original author: mike-parkhill
Just looking at some sample output from Network Miner and see that they're outputting "TCP, HTTP" for the Protocols field of the NetworkConnection object. Just wondering if it would make sense to make this field an array so it's clear that multiple protocols might apply? Or, do we want to agree on a way of describing that HTTP over TCP was being used?
Issue ported from old casework github repo (issue 36). Original author: mike-parkhill
Just looking at some sample output from Network Miner and see that they're outputting "TCP, HTTP" for the Protocols field of the NetworkConnection object. Just wondering if it would make sense to make this field an array so it's clear that multiple protocols might apply? Or, do we want to agree on a way of describing that HTTP over TCP was being used?