Vladimir Gavrilov

> Requires to add a new configs for unusual resolutions. I'm lazy to work with this because I don't have that display. Where can I find these configs?

I think it makes sense to also add HTTP content-type check for `application/vnd.microsoft.portable-executable`.

> I think there is already such check in `src/lib/protocols/http.c`. But it may be useful to check the HTTP body for PE32/PE32+. What do you think? Yeah, that's a great...

> I think there is already such check in `src/lib/protocols/http.c`. Yes, it's there, but I meant something else: to classify flows with that content-type as `Portable_Executable`.

Hi, can you share pcap example? The RDP dissector was recently [fixed](https://github.com/ntop/nDPI/commit/fbae51ae9de3cd4c22664e25ec29d73abe64adfc) to avoid false positives, so it's unlikely to be the cause.

> [http_traffic.zip](https://github.com/ntop/nDPI/files/13771948/http_traffic.zip) @0xA50C1A1 It may be a false positives, or it may not. I thought this check would be enough to accurately detect RDP traffic: ``` tpkt_verify_hdr(packet) && /* COTP...

Well, that sounds logical. This seems to be the way [SSH detection](https://github.com/ntop/nDPI/blob/90b999e3f1a67babbcd7003fb0ccab005d45f343/src/lib/protocols/ssh.c#L71C1-L121C2) is implemented. I.e. one ID for all protocol versions and risk setting in case an obsolete version is...

Try upgrading your potato PCs. Even a 100 bucks Ryzen 5600G without a discrete GPU is able to provide smooth gameplay with high quality graphics preset (1080p with FSR enabled,...

> Example of WSP: [wap_google.zip](https://github.com/ntop/nDPI/files/14975898/wap_google.zip) > > @subhajit-cdot , do you have an example of (interesting) MMS traffic that you can share, please? Looks like this ancient artifact is exactly...

Hi, I was just reworking this dissector :) Here is my solution if you want to take a look [h323_patch.zip](https://github.com/ntop/nDPI/files/15271419/h323_patch.zip)