Open kevinerr opened 11 months ago
Perhaps it would be beneficial for you to establish a flow table. This table will allow you to categorize packets with the same source IP, source port, destination IP, and destination port into a single flow. Once the protocol is identified, you can proceed to store all packets belonging to that particular flow.
When I use nDPI to identify the data packet captured from the network card, if the returned protocol id is 7, I store the data packet as a pcap file, but when I open the pcap file with Wireshark, I find only the HTTP response packet; there is no HTTP request packet.
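The flow-table approach suggested in the reply above, sketched as an added example (not code from this thread or from nDPI). It goes one step beyond the reply by ordering the two endpoints so that request and response land in the same flow. The names `handle_packet` and `lookup`, the `detected` argument (standing in for the protocol id the classifier returns), the `saved` array (standing in for the pcap writer) and the sample packets are all assumptions.

```c
#include <stdint.h>
#include <string.h>

#define MAX_FLOWS 64
#define MAX_PENDING 16   /* packets held per flow while the protocol is unknown */
#define PROTO_HTTP 7     /* the protocol id the question filters on */
struct pkt  { uint32_t sip, dip; uint16_t sport, dport; int id; };
struct flow { int used, proto, npending, pending[MAX_PENDING];
              uint32_t a_ip, b_ip; uint16_t a_port, b_port; };
static struct flow table[MAX_FLOWS];
static int saved[256], nsaved;   /* stand-in for the pcap writer: packet ids in write order */
static void save(int id) { if (nsaved < 256) saved[nsaved++] = id; }

/* Find or create the flow; endpoints are ordered so both directions share one key. */
static struct flow *lookup(const struct pkt *p) {
    int swap = p->sip > p->dip || (p->sip == p->dip && p->sport > p->dport);
    uint32_t a = swap ? p->dip : p->sip, b = swap ? p->sip : p->dip;
    uint16_t ap = swap ? p->dport : p->sport, bp = swap ? p->sport : p->dport;
    struct flow *slot = NULL;
    for (int i = 0; i < MAX_FLOWS; i++) {
        struct flow *f = &table[i];
        if (!f->used) { if (!slot) slot = f; continue; }
        if (f->a_ip == a && f->b_ip == b && f->a_port == ap && f->b_port == bp) return f;
    }
    if (!slot) return NULL;   /* table full: the caller skips this packet */
    memset(slot, 0, sizeof *slot);
    slot->used = 1; slot->a_ip = a; slot->b_ip = b; slot->a_port = ap; slot->b_port = bp;
    return slot;
}

/* detected: id reported for this packet, 0 while unknown. Returns 1 if written, else 0 or -1. */
int handle_packet(const struct pkt *p, int detected) {
    struct flow *f = lookup(p);
    if (!f) return -1;
    if (f->proto == 0 && detected != 0) {      /* first identification of this flow */
        f->proto = detected;
        if (detected == PROTO_HTTP)            /* write the packets seen before detection */
            for (int i = 0; i < f->npending; i++) save(f->pending[i]);
        f->npending = 0;                       /* other protocols: drop the buffer */
    }
    if (f->proto == PROTO_HTTP) { save(p->id); return 1; }
    if (f->proto == 0 && f->npending < MAX_PENDING) f->pending[f->npending++] = p->id;
    return 0;
}

int main(void) {   /* constructed request/response pair of one connection */
    struct pkt req = {0x0a000001, 0x0a000002, 40000, 80, 1}, rsp = {0x0a000002, 0x0a000001, 80, 40000, 2};
    handle_packet(&req, 0); handle_packet(&rsp, PROTO_HTTP); return nsaved == 2 ? 0 : 1;
}
```

Packets beyond `MAX_PENDING` on a still-unidentified flow are not buffered, so size that limit to the number of packets the classifier needs before it reports a result.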