ntop / nDPI

Open Source Deep Packet Inspection Software Toolkit
http://www.ntop.org
GNU Lesser General Public License v3.0

When ndpi recognizes the http protocol, can it only recognize the response package of http? #2069

Open kevinerr opened 11 months ago

kevinerr commented 11 months ago

When I use ndpi to identify the data packet captured from the network card, if the returned protocol id is 7, I store the data packet as a pcap file, but when I open the pcap file with wireshark, I find only the http response packet; there is no http request package.

echoechoin commented 3 months ago

Perhaps it would be beneficial for you to establish a flow table. This table will allow you to categorize packets with the same source IP, source port, destination IP, and destination port into a single flow. Once the protocol is identified, you can proceed to store all packets belonging to that particular flow.
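A minimal sketch of the flow table suggested above, added here as an example; it is not nDPI code and not from either commenter. It goes one step beyond the comment by ordering the two endpoints so both directions share a key. All names are hypothetical, the classifier result is passed in as `proto` (0 while undecided), packet ids stand in for packet bytes, and the key assumes TCP only.

```c
#include <stdint.h>
#include <string.h>

#define MAX_FLOWS   64
#define MAX_PENDING 16
#define PROTO_HTTP  7            /* protocol id quoted in the issue */
struct flow_key { uint32_t ip_lo, ip_hi; uint16_t port_lo, port_hi; };
struct flow {
    int used, state;             /* state: 0 unknown, 1 keep, -1 discard */
    struct flow_key key;
    int pending[MAX_PENDING], npending;  /* ids held until classification */
};
static struct flow table[MAX_FLOWS];
static int saved[256], nsaved;   /* stand-in for the pcap writer */

static void save(int id) { if (nsaved < 256) saved[nsaved++] = id; }

/* Order the endpoints so request and response share one key. */
static struct flow_key make_key(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp) {
    struct flow_key k;
    int fwd = sip < dip || (sip == dip && sp <= dp);
    k.ip_lo = fwd ? sip : dip;  k.port_lo = fwd ? sp : dp;
    k.ip_hi = fwd ? dip : sip;  k.port_hi = fwd ? dp : sp;
    return k;
}

static struct flow *lookup(struct flow_key k) {
    struct flow *slot = NULL;
    for (int i = 0; i < MAX_FLOWS; i++) {
        if (table[i].used && !memcmp(&table[i].key, &k, sizeof k)) return &table[i];
        if (!table[i].used && !slot) slot = &table[i];
    }
    if (slot) { memset(slot, 0, sizeof *slot); slot->used = 1; slot->key = k; }
    return slot;                 /* NULL when the table is full */
}

/* proto: classifier result for this packet, 0 while undecided; returns packets saved so far. */
int on_packet(int id, uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp, int proto) {
    struct flow *f = lookup(make_key(sip, sp, dip, dp));
    if (!f) return nsaved;
    if (f->state == 0 && proto != 0) {
        /* First verdict for this flow: flush the backlog or drop it. */
        f->state = (proto == PROTO_HTTP) ? 1 : -1;
        for (int i = 0; f->state == 1 && i < f->npending; i++) save(f->pending[i]);
        f->npending = 0;
    }
    if (f->state == 1) save(id);
    else if (f->state == 0 && f->npending < MAX_PENDING) f->pending[f->npending++] = id;
    return nsaved;
}
```

A production version would bound how long undecided flows are held and expire idle entries so the table does not fill up.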