diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c7ee38b69..2e3fd6f08 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -115,22 +115,7 @@ jobs:
maxminddb: "--with-maxminddb"
msan: "--with-sanitizer"
nBPF: ""
- - compiler: "clang-17" # "Newest" clang easily available. See also below...
- ar: "llvm-ar-17"
- ranlib: "llvm-ranlib-17"
- os: ubuntu-24.04
- arch: "x86_64"
- gcrypt: ""
- pcre: "--with-pcre2"
- maxminddb: "--with-maxminddb"
- msan: "--with-sanitizer"
- nBPF: ""
- lto_gold_linker: "--with-lto-and-gold-linker"
- - compiler: "clang-18" # "The latest clang version easily available should be 18,
- # but it is buggy on ubuntu-24.04 with LTO and Gold linker:
- # https://github.com/llvm/llvm-project/issues/87553
- # https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-18/+bug/2064187
- # Waiting for a fix...
+ - compiler: "clang-18" # "Newest" clang easily available. See also below...
ar: "llvm-ar-18"
ranlib: "llvm-ranlib-18"
os: ubuntu-24.04
@@ -140,7 +125,7 @@ jobs:
maxminddb: "--with-maxminddb"
msan: "--with-sanitizer"
nBPF: ""
- lto_gold_linker: ""
+ lto_gold_linker: "--with-lto-and-gold-linker"
- compiler: "cc"
os: ubuntu-latest
arch: "x86_64"
@@ -279,12 +264,8 @@ jobs:
- name: Installing MacOS prerequisites
if: startsWith(matrix.os, 'macOS') && startsWith(matrix.arch, 'x86_64')
run: |
- # A workaround for "The `brew link` step did not complete successfully" error.
- # See https://github.com/Homebrew/homebrew-core/issues/165793#issuecomment-1991817938
- find /usr/local/bin -lname '*/Library/Frameworks/Python.framework/*' -delete
- sudo rm -rf /Library/Frameworks/Python.framework/
- brew install --force python3 && brew unlink python3 && brew unlink python3 && brew link --overwrite python3
- brew install coreutils wdiff colordiff autoconf automake libtool pkg-config gettext json-c rrdtool parallel
+ # Avoid (re)installing pkg-config. See: https://github.com/actions/runner-images/issues/10984
+ brew install coreutils wdiff colordiff autoconf automake libtool gettext json-c rrdtool parallel
- name: Install MacOS Prerequisites (libgcrypt)
if: startsWith(matrix.os, 'macOS') && startsWith(matrix.arch, 'x86_64') && startsWith(matrix.gcrypt, '--with-local-libgcrypt')
run: |
diff --git a/doc/protocols.rst b/doc/protocols.rst
index 0f2062e3c..191471118 100644
--- a/doc/protocols.rst
+++ b/doc/protocols.rst
@@ -1037,3 +1037,30 @@ References: `Main site `_
Taobao is a Chinese online shopping platform.
References: `Main site `_
+
+
+.. _Proto 437:
+
+`NDPI_PROTOCOL_MIKROTIK`
+========================
+MikroTik Neighbor Discovery Protocol, is a protocol that allows us to find neighbor routers/switches which are compatible with the following neighboring protocols: MNDP: MikroTik Proprietary. CDP: Cisco Proprietary.
+
+References: `Main site `_
+
+
+.. _Proto 438:
+
+`NDPI_PROTOCOL_DICOM`
+=====================
+Digital Imaging and Communications in Medicine (DICOM) is a technical standard for the digital storage and transmission of medical images and related information.
+
+References: `Wikipwdia `_
+
+
+.. _Proto 439:
+
+`NDPI_PROTOCOL_PARAMOUNTPLUS`
+=============================
+Paramount+ (formerly CBS All Access and 10 All Access in Australia until 2021) is an American subscription video on-demand over-the-top streaming service owned by Paramount Global.
+
+References: `Main site `_
\ No newline at end of file
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 09b3a4104..5bc4bf44f 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -101,7 +101,7 @@ FILE *fingerprint_fp = NULL; /**< for flow fingerprint export */
/** User preferences **/
char *addr_dump_path = NULL;
-u_int8_t enable_realtime_output = 0, enable_protocol_guess = NDPI_GIVEUP_GUESS_BY_PORT | NDPI_GIVEUP_GUESS_BY_IP, enable_payload_analyzer = 0, num_bin_clusters = 0, extcap_exit = 0;
+u_int8_t enable_realtime_output = 0, enable_payload_analyzer = 0, num_bin_clusters = 0, extcap_exit = 0;
u_int8_t verbose = 0, enable_flow_stats = 0;
bool do_load_lists = false;
@@ -1131,7 +1131,6 @@ static void parseOptions(int argc, char **argv) {
break;
case 'd':
- enable_protocol_guess = 0;
if(reader_add_cfg(NULL, "dpi.guess_on_giveup", "0", 1) == 1) {
printf("Invalid parameter [%s] [num:%d/%d]\n", optarg, num_cfgs, MAX_NUM_CFGS);
exit(1);
@@ -1812,28 +1811,10 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
flow->detected_protocol.protocol_by_ip));
- if(flow->multimedia_flow_type != ndpi_multimedia_unknown_flow) {
- const char *content;
+ if(flow->multimedia_flow_types != ndpi_multimedia_unknown_flow) {
+ char content[64] = {0};
- switch(flow->multimedia_flow_type) {
- case ndpi_multimedia_audio_flow:
- content = "Audio";
- break;
-
- case ndpi_multimedia_video_flow:
- content = "Video";
- break;
-
- case ndpi_multimedia_screen_sharing_flow:
- content = "Screen Sharing";
- break;
-
- default:
- content = "???";
- break;
- }
-
- fprintf(out, "[Stream Content: %s]", content);
+ fprintf(out, "[Stream Content: %s]", ndpi_multimedia_flowtype2str(content, sizeof(content), flow->multimedia_flow_types));
}
fprintf(out, "[%s]",
diff --git a/example/reader_util.c b/example/reader_util.c
index 35813526e..fc49b22df 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1207,6 +1207,8 @@ static void process_ndpi_monitoring_info(struct ndpi_flow_info *flow) {
add_to_address_port_list(&flow->stun.peer_address, &flow->ndpi_flow->monit->protos.dtls_stun_rtp.peer_address);
add_to_address_port_list(&flow->stun.relayed_address, &flow->ndpi_flow->monit->protos.dtls_stun_rtp.relayed_address);
add_to_address_port_list(&flow->stun.response_origin, &flow->ndpi_flow->monit->protos.dtls_stun_rtp.response_origin);
+
+ flow->multimedia_flow_types |= flow->ndpi_flow->flow_multimedia_types;
}
}
@@ -1616,7 +1618,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
add_to_address_port_list(&flow->stun.other_address, &flow->ndpi_flow->stun.other_address);
}
- flow->multimedia_flow_type = flow->ndpi_flow->flow_multimedia_type;
+ flow->multimedia_flow_types |= flow->ndpi_flow->flow_multimedia_types;
if(flow->ndpi_flow->tcp.fingerprint) {
char buf[128];
diff --git a/example/reader_util.h b/example/reader_util.h
index 37f1b19ad..48458cb6f 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -334,7 +334,7 @@ typedef struct ndpi_flow_info {
char geolocation_iata_code[4];
} dns;
- ndpi_multimedia_flow_type multimedia_flow_type;
+ u_int8_t multimedia_flow_types;
void *src_id, *dst_id;
char *tcp_fingerprint;
diff --git a/fuzz/fuzz_alg_crc32_md5.c b/fuzz/fuzz_alg_crc32_md5.c
index 304d42dc2..31a9635a9 100644
--- a/fuzz/fuzz_alg_crc32_md5.c
+++ b/fuzz/fuzz_alg_crc32_md5.c
@@ -6,10 +6,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ndpi_MD5_CTX ctx;
struct ndpi_popcount popcount;
char *str;
+ u_int len;
+ u_char out[2048], out2[2048];
+ int pseudo_bool;
/* No memory allocations involved */
- /* Used for crc32, md5, hash(es) and popcount algs */
+ /* Used for crc32, md5, hash(es), popcount and hex2bin algs */
+
+ pseudo_bool = (size % 2 == 0);
ndpi_crc16_ccit(data, size);
ndpi_crc16_ccit_false(data, size);
@@ -44,8 +49,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
}
- ndpi_popcount_init(&popcount);
- ndpi_popcount_count(&popcount, data, size);
+ ndpi_popcount_init(pseudo_bool ? &popcount : NULL);
+ ndpi_popcount_count(pseudo_bool ? &popcount : NULL, data, size);
+
+ len = ndpi_bin2hex(out, sizeof(out), (u_char *)data, size);
+ ndpi_hex2bin(out2, sizeof(out2), out, len);
return 0;
}
diff --git a/fuzz/fuzz_alg_memmem.cpp b/fuzz/fuzz_alg_memmem.cpp
index c8e1e1661..7bafb8554 100644
--- a/fuzz/fuzz_alg_memmem.cpp
+++ b/fuzz/fuzz_alg_memmem.cpp
@@ -29,7 +29,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* Let use this fuzzer to check also this simple function... */
- ndpi_strlcpy(dst, (const char *)h, sizeof(dst), h_len);
+ if(fuzzed_data.ConsumeBool())
+ ndpi_strlcpy(dst, (const char *)h, sizeof(dst), h_len);
+ else
+ ndpi_strlcpy(NULL, (const char *)h, 0, h_len);
return 0;
}
diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
index 6ca213cce..61fbce5ad 100644
--- a/fuzz/fuzz_config.cpp
+++ b/fuzz/fuzz_config.cpp
@@ -36,6 +36,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
char cfg_param[32];
u_int64_t cat_userdata = 0;
u_int16_t unused1, unused2;
+ ndpi_master_app_protocol proto1, proto2;
/* To allow memory allocation failures */
fuzz_set_alloc_callbacks_and_seed(size);
@@ -630,6 +631,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
char buf[8]; /* Too short in same cases... */
if(fuzzed_data.ConsumeBool()) {
ndpi_ssl_version2str(buf, sizeof(buf), fuzzed_data.ConsumeIntegral(), &unused);
+ if(fuzzed_data.ConsumeBool())
+ ndpi_multimedia_flowtype2str(buf, sizeof(buf), static_cast(fuzzed_data.ConsumeIntegral()));
+ else
+ ndpi_multimedia_flowtype2str(NULL, 0, static_cast(fuzzed_data.ConsumeIntegral()));
ndpi_get_ip_proto_name(fuzzed_data.ConsumeIntegral(), buf, sizeof(buf));
} else {
ndpi_ssl_version2str(NULL, 0, fuzzed_data.ConsumeIntegral(), &unused);
@@ -645,6 +650,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ndpi_fpc_confidence_get_name(static_cast(fuzzed_data.ConsumeIntegral()));
ndpi_get_proto_breed_name(static_cast(fuzzed_data.ConsumeIntegral()));
ndpi_get_l4_proto_name(static_cast(fuzzed_data.ConsumeIntegral()));
+ proto1.app_protocol = fuzzed_data.ConsumeIntegral();
+ proto1.master_protocol = fuzzed_data.ConsumeIntegral();
+ ndpi_is_proto_unknown(proto1);
+ proto2.app_protocol = fuzzed_data.ConsumeIntegral();
+ proto2.master_protocol = fuzzed_data.ConsumeIntegral();
+ ndpi_is_proto_equals(proto1, proto2, fuzzed_data.ConsumeBool());
char buf2[16];
ndpi_entropy2str(fuzzed_data.ConsumeFloatingPoint(), fuzzed_data.ConsumeBool() ? buf2 : NULL, sizeof(buf2));
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index 5399601e5..4e736909d 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -89,14 +89,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
ndpi_set_config(workflow->ndpi_struct, NULL, "flow.track_payload", "1");
ndpi_set_config(workflow->ndpi_struct, NULL, "tcp_ack_payload_heuristic", "1");
ndpi_set_config(workflow->ndpi_struct, "tls", "application_blocks_tracking", "1");
- ndpi_set_config(workflow->ndpi_struct, "stun", "max_packets_extra_dissection", "255");
+ ndpi_set_config(workflow->ndpi_struct, "stun", "max_packets_extra_dissection", "40");
ndpi_set_config(workflow->ndpi_struct, "zoom", "max_packets_extra_dissection", "255");
ndpi_set_config(workflow->ndpi_struct, "rtp", "search_for_stun", "1");
ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics", "0x01");
- ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics.num_messages", "255");
+ ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics.num_messages", "20");
ndpi_set_config(workflow->ndpi_struct, "tls", "metadata.ja4r_fingerprint", "1");
ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics", "0x07");
- ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics.max_packets_extra_dissection", "255");
+ ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics.max_packets_extra_dissection", "40");
ndpi_set_config(workflow->ndpi_struct, "stun", "monitoring", "1");
ndpi_finalize_initialization(workflow->ndpi_struct);
diff --git a/fuzz/fuzz_serialization.cpp b/fuzz/fuzz_serialization.cpp
index 5b5de9fe0..8d8120cd1 100644
--- a/fuzz/fuzz_serialization.cpp
+++ b/fuzz/fuzz_serialization.cpp
@@ -19,7 +19,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* To allow memory allocation failures */
fuzz_set_alloc_callbacks_and_seed(size);
- fmt = static_cast(fuzzed_data.ConsumeIntegralInRange(1, 4));
+ fmt = static_cast(fuzzed_data.ConsumeIntegralInRange(1, 5));
if (fuzzed_data.ConsumeBool())
rc = ndpi_init_serializer(&serializer, fmt);
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index a2f103879..a799d8ea5 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -1157,6 +1157,7 @@ extern "C" {
ndpi_protocol const * const l7_protocol);
char* ndpi_ssl_version2str(char *buf, int buf_len,
u_int16_t version, u_int8_t *unknown_tls_version);
+ char *ndpi_multimedia_flowtype2str(char *buf, int buf_len, u_int8_t m_types);
char *ndpi_quic_version2str(char *buf, int buf_len, u_int32_t version);
int ndpi_netbios_name_interpret(u_char *in, u_int in_len, u_char *out, u_int out_len);
void ndpi_patchIPv6Address(char *str);
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index 4e4978cac..646e20ea9 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -749,7 +749,7 @@ const uint8_t *get_crypto_data(struct ndpi_detection_module_struct *ndpi_struct,
int is_valid_rtp_payload_type(uint8_t type);
int is_rtp_or_rtcp(struct ndpi_detection_module_struct *ndpi_struct,
const u_int8_t *payload, u_int16_t payload_len, u_int16_t *seq);
-u_int8_t rtp_get_stream_type(u_int8_t payloadType, ndpi_multimedia_flow_type *s_type);
+u_int8_t rtp_get_stream_type(u_int8_t payloadType, u_int8_t *s_type, u_int16_t sub_proto);
/* Bittorrent */
u_int64_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset);
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 8c36f7e59..972af6d3c 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -467,6 +467,7 @@ typedef enum {
NDPI_PROTOCOL_TAOBAO = 436,
NDPI_PROTOCOL_MIKROTIK = 437,
NDPI_PROTOCOL_DICOM = 438, /* Hospital Protocol */
+ NDPI_PROTOCOL_PARAMOUNTPLUS = 439,
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 074496fb4..9b852749d 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -86,10 +86,10 @@ typedef enum {
} ndpi_log_level_t;
typedef enum {
- ndpi_multimedia_unknown_flow = 0,
- ndpi_multimedia_audio_flow,
- ndpi_multimedia_video_flow,
- ndpi_multimedia_screen_sharing_flow,
+ ndpi_multimedia_unknown_flow = 0x00,
+ ndpi_multimedia_audio_flow = 0x01,
+ ndpi_multimedia_video_flow = 0x02,
+ ndpi_multimedia_screen_sharing_flow = 0x04,
} ndpi_multimedia_flow_type;
typedef enum {
@@ -1447,7 +1447,7 @@ struct ndpi_flow_struct {
char *username, *password;
} http;
- ndpi_multimedia_flow_type flow_multimedia_type;
+ u_int8_t flow_multimedia_types;
/*
Put outside of the union to avoid issues in case the protocol
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index a24abcad9..b39351566 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -425,6 +425,7 @@ ndpi_protocol_match host_match[] =
{ "ssl-images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "amazonaws.com", "AmazonAWS", NDPI_PROTOCOL_AMAZON_AWS, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "aws.a2z.com", "AmazonAWS", NDPI_PROTOCOL_AMAZON_AWS, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "a2z.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "cloudfront.net", "AmazonAWS", NDPI_PROTOCOL_AMAZON_AWS, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "us-west-2.compute.amazonaws.com", "AmazonAWS", NDPI_PROTOCOL_AMAZON_AWS, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
@@ -459,6 +460,7 @@ ndpi_protocol_match host_match[] =
{ "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, /* iOS */
{ "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, /* MacOS */
{ "-buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
@@ -790,7 +792,7 @@ ndpi_protocol_match host_match[] =
{ "twitch.tv", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "twitchcdn.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN , NDPI_PROTOCOL_DEFAULT_LEVEL},
{ "twitchsvc.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
- { "contribute.live-video.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "live-video.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
@@ -847,6 +849,7 @@ ndpi_protocol_match host_match[] =
{ "webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "bing.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "login.live.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "statics-marketingsites-wcus-ms-com.akamaized.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
@@ -881,6 +884,7 @@ ndpi_protocol_match host_match[] =
{ "testconnectivity.microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teredo.ipv6.microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teredo.ipv6.microsoft.com.nsatc.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "cortana.ai", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "azure.com", "Azure", NDPI_PROTOCOL_MICROSOFT_AZURE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "azureedge.us", "Azure", NDPI_PROTOCOL_MICROSOFT_AZURE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
@@ -893,13 +897,13 @@ ndpi_protocol_match host_match[] =
{ "teams.microsoft.us", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teams.skype.com", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teams.live.com", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
- { "-teams.cloudapp.net", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "-teams.cloudapp.net", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teams.trafficmanager.net", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teams-msgapi.trafficmanager.net", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teams.office.net", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teams.office.com", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "statics.teams.cdn.live.net", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
- { "mstea.ms", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "mstea.ms", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "teams.events.data.microsoft.com", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
@@ -1018,6 +1022,9 @@ ndpi_protocol_match host_match[] =
{ "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "bt.co", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "open.stealth.si", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "1337x.to", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "openbittorrent.com", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
@@ -1255,6 +1262,7 @@ ndpi_protocol_match host_match[] =
{ "esvarbl.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "abuse.ch", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "dnsbl.", /* www.dnsbl.info */ "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "cleanbrowsing.org", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "pluralsight.com", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "pluralsight2.imgix.net", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
@@ -1532,6 +1540,8 @@ ndpi_protocol_match host_match[] =
{ "tvsquared.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, CUSTOM_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
/* Mixpanel facilitates global data analysis by offering event analytics, enabling valuable insights to be derived from data. */
{ "mixpanel.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, CUSTOM_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ /* Equativ (formerly known as Smart AdServer) is a French advertising technology company */
+ { "smartadserver.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, CUSTOM_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
/* Twitter ADS */
{ "ads-twitter.com", "ADS_Analytic_Track", NDPI_PROTOCOL_ADS_ANALYTICS_TRACK, CUSTOM_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
/* TANX (Taobao Ad Network and Exchange) is an advertising and marketing platform based in China */
@@ -1713,6 +1723,16 @@ ndpi_protocol_match host_match[] =
{ "taobao.com", "Taobao", NDPI_PROTOCOL_TAOBAO, NDPI_PROTOCOL_CATEGORY_SHOPPING, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
{ "tmall.com", "Taobao", NDPI_PROTOCOL_TAOBAO, NDPI_PROTOCOL_CATEGORY_SHOPPING, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "paramountplus.com", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "pplusstatic.com", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "paramount.com", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "cbsi.com", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "cbsig.net", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "cbsstatic.com", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "cbsaavideo.com", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "pplus.paramount.tech", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "cbsi.live.ott.irdeto.com", "ParamountPlus", NDPI_PROTOCOL_PARAMOUNTPLUS, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_content_match_host_match.c.inc"
#endif
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 42f3c076e..a11d9d7e0 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2315,7 +2315,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IEC62056,
"IEC62056", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 4059, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 4059, 0, 0, 0, 0) /* UDP */);
+ ndpi_build_default_ports(ports_b, 4059, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HL7,
"HL7", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 2575, 0, 0, 0, 0) /* TCP */,
@@ -7227,7 +7227,7 @@ static int ndpi_init_packet(struct ndpi_detection_module_struct *ndpi_str,
#ifdef DEBUG_TCP_OPTIONS
printf("Raw Options Fingerprint: %s\n", options_fp);
#endif
-
+
ndpi_sha256((const u_char*)options_fp, options_fp_len, sha_hash);
snprintf(&fingerprint[fp_idx], sizeof(fingerprint)-fp_idx, "%02x%02x%02x%02x%02x%02x",
@@ -7933,13 +7933,13 @@ static int ndpi_reconcile_msteams_call_udp_port(struct ndpi_flow_struct *flow,
*/
if((dport == 3478) || (dport == 3479) || ((sport >= 50000) && (sport <= 50019)))
- flow->flow_multimedia_type = ndpi_multimedia_audio_flow;
+ flow->flow_multimedia_types |= ndpi_multimedia_audio_flow;
else if((dport == 3480) || ((sport >= 50020) && (sport <= 50039)))
- flow->flow_multimedia_type = ndpi_multimedia_video_flow;
+ flow->flow_multimedia_types |= ndpi_multimedia_video_flow;
else if((dport == 3481) || ((sport >= 50040) && (sport <= 50059)))
- flow->flow_multimedia_type = ndpi_multimedia_screen_sharing_flow;
+ flow->flow_multimedia_types |= ndpi_multimedia_screen_sharing_flow;
else {
- flow->flow_multimedia_type = ndpi_multimedia_unknown_flow;
+ flow->flow_multimedia_types = ndpi_multimedia_unknown_flow;
return(0);
}
@@ -8178,19 +8178,21 @@ int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struc
*/
static void ndpi_check_tcp_flags(struct ndpi_flow_struct *flow) {
// printf("[TOTAL] %u / %u [tot: %u]\n", flow->packet_direction_complete_counter[0], flow->packet_direction_complete_counter[1], flow->all_packets_counter);
+ bool is_probing = false;
if((flow->l4.tcp.cli2srv_tcp_flags & TH_SYN)
&& (flow->l4.tcp.srv2cli_tcp_flags & TH_RST)
- && (flow->packet_counter == 0 /* Ignore connections terminated by RST but that exchanged data (3WH + RST) */)
- )
- ndpi_set_risk(flow, NDPI_TCP_ISSUES, "Connection refused (server)");
+ && (flow->packet_counter == 0 /* Ignore connections terminated by RST but that exchanged data (3WH + RST) */))
+ ndpi_set_risk(flow, NDPI_TCP_ISSUES, "Connection refused (server)"), is_probing = true;
else if((flow->l4.tcp.cli2srv_tcp_flags & TH_SYN)
&& (flow->l4.tcp.cli2srv_tcp_flags & TH_RST)
- && (flow->packet_counter == 0 /* Ignore connections terminated by RST but that exchanged data (3WH + RST) */)
- )
- ndpi_set_risk(flow, NDPI_TCP_ISSUES, "Connection refused (client)");
+ && (flow->packet_counter == 0 /* Ignore connections terminated by RST but that exchanged data (3WH + RST) */))
+ ndpi_set_risk(flow, NDPI_TCP_ISSUES, "Connection refused (client)"), is_probing = true;
else if((flow->l4.tcp.srv2cli_tcp_flags & TH_RST) && (flow->packet_direction_complete_counter[1 /* server -> client */] == 1))
- ndpi_set_risk(flow, NDPI_TCP_ISSUES, "TCP probing attempt");
+ ndpi_set_risk(flow, NDPI_TCP_ISSUES, "Connection refused"), is_probing = true;
+
+ if(is_probing)
+ ndpi_set_risk(flow, NDPI_PROBING_ATTEMPT, "TCP probing attempt");
}
/* ******************************************************************** */
@@ -8215,7 +8217,6 @@ static void ndpi_check_probing_attempt(struct ndpi_flow_struct *flow) {
break;
case NDPI_PROTOCOL_TLS:
- /* case NDPI_PROTOCOL_QUIC: */
case NDPI_PROTOCOL_MAIL_SMTPS:
case NDPI_PROTOCOL_MAIL_POPS:
case NDPI_PROTOCOL_MAIL_IMAPS:
@@ -8223,6 +8224,11 @@ static void ndpi_check_probing_attempt(struct ndpi_flow_struct *flow) {
if(flow->host_server_name[0] == '\0')
ndpi_set_risk(flow, NDPI_PROBING_ATTEMPT, "TLS Probing");
break;
+
+ case NDPI_PROTOCOL_QUIC:
+ if(flow->host_server_name[0] == '\0')
+ ndpi_set_risk(flow, NDPI_PROBING_ATTEMPT, "QUIC Probing");
+ break;
}
}
}
@@ -8966,6 +8972,32 @@ static void fpc_check_eval(struct ndpi_detection_module_struct *ndpi_str,
}
/* ********************************************************************************* */
+static char* ndpi_expected_ports_str(u_int16_t *default_ports, char *str, u_int str_len) {
+ str[0] = '\0';
+
+ if(default_ports[0] != 0) {
+ u_int8_t i, offset;
+
+ offset = snprintf(str, str_len, "Expected on port ");
+
+ for(i=0; (i 0) ? "," : "", default_ports[i]);
+
+ if(rc > 0)
+ offset += rc;
+ else
+ break;
+ }
+
+ str[offset] = '\0';
+ }
+
+ return(str);
+}
+
+/* ********************************************************************************* */
+
static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow,
const unsigned char *packet_data,
@@ -9184,24 +9216,11 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
if((r == NULL)
|| ((r->proto->protoId != ret.proto.app_protocol) && (r->proto->protoId != ret.proto.master_protocol))) {
- if(default_ports[0] != 0) {
- char str[64];
- u_int8_t i, offset;
+ if(default_ports && (default_ports[0] != 0)) {
+ char str[64];
- offset = snprintf(str, sizeof(str), "Expected on port ");
-
- for(i=0; (i 0) ? "," : "", default_ports[i]);
-
- if(rc > 0)
- offset += rc;
- else
- break;
- }
-
- str[offset] = '\0';
- ndpi_set_risk(flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT, str);
+ ndpi_set_risk(flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT,
+ ndpi_expected_ports_str(default_ports, str, sizeof(str)));
}
}
}
@@ -9232,9 +9251,25 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
ntohs(flow->c_port), ntohs(flow->s_port));
if((r == NULL)
- || ((r->proto->protoId != ret.proto.app_protocol) && (r->proto->protoId != ret.proto.master_protocol))) {
- if(ret.proto.app_protocol != NDPI_PROTOCOL_FTP_DATA)
- ndpi_set_risk(flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT,NULL);
+ || ((r->proto->protoId != ret.proto.app_protocol)
+ && (r->proto->protoId != ret.proto.master_protocol))) {
+ if(ret.proto.app_protocol != NDPI_PROTOCOL_FTP_DATA) {
+ u_int16_t *default_ports;
+
+ if(packet->udp)
+ default_ports = ndpi_str->proto_defaults[ret.proto.master_protocol ? ret.proto.master_protocol : ret.proto.app_protocol].udp_default_ports;
+ else if(packet->tcp)
+ default_ports = ndpi_str->proto_defaults[ret.proto.master_protocol ? ret.proto.master_protocol : ret.proto.app_protocol].tcp_default_ports;
+ else
+ default_ports = NULL;
+
+ if(default_ports && (default_ports[0] != 0)) {
+ char str[64];
+
+ ndpi_set_risk(flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT,
+ ndpi_expected_ports_str(default_ports, str, sizeof(str)));
+ }
+ }
}
}
}
@@ -9607,7 +9642,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str,
/* If end of line char sequence CR+NL "\r\n", process line */
flow->http.request_header_observed = 1;
-
+
if(((a + 3) < packet->payload_packet_len)
&& (packet->payload[a+2] == 0x0d)
&& (packet->payload[a+3] == 0x0a)) {
diff --git a/src/lib/ndpi_os_fingerprint.c.inc b/src/lib/ndpi_os_fingerprint.c.inc
index 3909faf02..f23662934 100644
--- a/src/lib/ndpi_os_fingerprint.c.inc
+++ b/src/lib/ndpi_os_fingerprint.c.inc
@@ -7,9 +7,10 @@ static struct os_fingerprint tcp_fps[] = {
{ "2_64_29200_d853e95bd80f", os_hint_linux }, /* Sonos */
{ "2_64_14600_8c07a80cc645", os_hint_linux }, /* QNAP */
{ "2_64_64240_2e3cee914fc1", os_hint_linux }, /* rPI */
+ { "2_64_32120_2e3cee914fc1", os_hint_linux }, /* rPI */
{ "2_64_29200_90541420d839", os_hint_linux }, /* Suse Linux */
{ "2_64_64240_41a9d5af7dd3", os_hint_linux },
-
+
{ "2_64_65535_d876f498b09e", os_hint_android },
{ "2_64_65535_685ad951a756", os_hint_android },
{ "2_64_65535_41a9d5af7dd3", os_hint_android },
@@ -32,7 +33,12 @@ static struct os_fingerprint tcp_fps[] = {
{ "194_64_65535_d29295416479", os_hint_macos },
{ "194_64_65535_78dd6871cb6d", os_hint_macos },
{ "2_64_65535_d29295416479", os_hint_macos },
+ { "2_64_0_d29295416479", os_hint_macos },
+ { "2_64_65535_d29295416479", os_hint_macos },
{ "2_64_65535_dd5737e4fedb", os_hint_macos },
+ { "2_64_65535_99a660d3e328", os_hint_macos },
+ { "2_64_65535_78dd6871cb6d", os_hint_macos },
+ { "2_64_65535_09b18f059744", os_hint_macos },
{ NULL, os_hint_unknown },
};
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 6f867dbc7..8e4af4966 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -841,6 +841,38 @@ const char* ndpi_get_flow_info(struct ndpi_flow_struct const * const flow,
/* ********************************** */
+char *ndpi_multimedia_flowtype2str(char *buf, int buf_len, u_int8_t m_types)
+{
+ int rc, len = 0;
+
+ if(buf == NULL || buf_len <= 1)
+ return NULL;
+
+ buf[0] = '\0';
+
+ if(m_types == ndpi_multimedia_unknown_flow) {
+ rc = ndpi_snprintf(buf + len, buf_len - len, "Unknown", len > 0 ? ", " : "");
+ if(rc > 0 && len + rc < buf_len) len += rc; else return NULL;
+ }
+
+ if(m_types & ndpi_multimedia_audio_flow) {
+ rc = ndpi_snprintf(buf + len, buf_len - len, "%sAudio", len > 0 ? ", " : "");
+ if(rc > 0 && len + rc < buf_len) len += rc; else return NULL;
+ }
+ if(m_types & ndpi_multimedia_video_flow) {
+ rc = ndpi_snprintf(buf + len, buf_len - len, "%sVideo", len > 0 ? ", " : "");
+ if(rc > 0 && len + rc < buf_len) len += rc; else return NULL;
+ }
+ if(m_types & ndpi_multimedia_screen_sharing_flow) {
+ rc = ndpi_snprintf(buf + len, buf_len - len, "%sScreen Sharing", len > 0 ? ", " : "");
+ if(rc > 0 && len + rc < buf_len) len += rc; else return NULL;
+ }
+
+ return buf;
+}
+
+/* ********************************** */
+
char* ndpi_ssl_version2str(char *buf, int buf_len,
u_int16_t version, u_int8_t *unknown_tls_version) {
if(unknown_tls_version)
@@ -1274,6 +1306,7 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
char buf[64];
char const *host_server_name;
char quic_version[16];
+ char content[64] = {0};
u_int i;
if(flow == NULL) return(-1);
@@ -1288,6 +1321,10 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_serialize_string_string(serializer, "domainame", ndpi_get_host_domain(ndpi_struct, host_server_name));
}
+ if(flow->flow_multimedia_types != ndpi_multimedia_unknown_flow) {
+ ndpi_serialize_string_string(serializer, "stream_content", ndpi_multimedia_flowtype2str(content, sizeof(content), flow->flow_multimedia_types));
+ }
+
switch(l7_protocol.proto.master_protocol ? l7_protocol.proto.master_protocol : l7_protocol.proto.app_protocol) {
case NDPI_PROTOCOL_IP_ICMP:
if(flow->entropy > 0.0f) {
@@ -1609,6 +1646,19 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_serialize_end_of_block(serializer);
break;
+ case NDPI_PROTOCOL_SIP:
+ ndpi_serialize_start_of_block(serializer, "sip");
+ if(flow->protos.sip.from)
+ ndpi_serialize_string_string(serializer, "from", flow->protos.sip.from);
+ if(flow->protos.sip.from_imsi[0] != '\0')
+ ndpi_serialize_string_string(serializer, "from_imsi", flow->protos.sip.from_imsi);
+ if(flow->protos.sip.to)
+ ndpi_serialize_string_string(serializer, "to", flow->protos.sip.to);
+ if(flow->protos.sip.to_imsi[0] != '\0')
+ ndpi_serialize_string_string(serializer, "to_imsi", flow->protos.sip.to_imsi);
+ ndpi_serialize_end_of_block(serializer);
+ break;
+
case NDPI_PROTOCOL_TLS:
case NDPI_PROTOCOL_DTLS:
ndpi_tls2json(serializer, flow);
diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index bb9a8aecb..7cdb6e42e 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -40,43 +40,164 @@ int is_valid_rtp_payload_type(uint8_t type)
return 1;
}
-u_int8_t rtp_get_stream_type(u_int8_t payloadType, ndpi_multimedia_flow_type *s_type)
+u_int8_t rtp_get_stream_type(u_int8_t payloadType, u_int8_t *s_type, u_int16_t sub_proto)
{
+ /* General, from IANA */
switch(payloadType) {
case 0: /* G.711 u-Law */
case 3: /* GSM 6.10 */
case 4: /* G.723.1 */
+ case 5: /* DVI4 */
+ case 6: /* DVI4 */
+ case 7: /* LPC */
case 8: /* G.711 A-Law */
case 9: /* G.722 */
+ case 10: /* L16 */
+ case 11: /* L16 */
+ case 12: /* QCELP */
case 13: /* Comfort Noise */
- case 96: /* Dynamic RTP */
- case 97: /* Redundant Audio Data Payload */
- case 98: /* DynamicRTP-Type-98 (Zoom) */
- case 101: /* DTMF */
- case 103: /* SILK Narrowband */
- case 104: /* SILK Wideband */
- case 111: /* Siren */
- case 112: /* G.722.1 */
- case 114: /* RT Audio Wideband */
- case 115: /* RT Audio Narrowband */
- case 116: /* G.726 */
- case 117: /* G.722 */
- case 118: /* Comfort Noise Wideband */
- *s_type = ndpi_multimedia_audio_flow;
- return(1);
-
- case 34: /* H.263 [MS-H26XPF] */
- case 121: /* RT Video */
- case 122: /* H.264 [MS-H264PF] */
- case 123: /* H.264 FEC [MS-H264PF] */
- case 127: /* x-data */
- *s_type = ndpi_multimedia_video_flow;
+ case 14: /* MPA */
+ case 15: /* G728 */
+ case 16: /* DVI4 */
+ case 17: /* DVI4 */
+ case 18: /* G729 */
+ *s_type |= ndpi_multimedia_audio_flow;
return(1);
- default:
- *s_type = ndpi_multimedia_unknown_flow;
- return(0);
+ case 25: /* CelB */
+ case 26: /* JPEG */
+ case 28: /* nv */
+ case 31: /* H261 */
+ case 32: /* MPV */
+ case 34: /* H263 */
+ *s_type |= ndpi_multimedia_video_flow;
+ return(1);
}
+
+ /* Microsoft; from https://learn.microsoft.com/en-us/openspecs/office_protocols/ms-rtp/3b8dc3c6-34b8-4827-9b38-3b00154f471c */
+ if(sub_proto == NDPI_PROTOCOL_SKYPE_TEAMS_CALL) {
+ switch(payloadType) {
+ case 103: /* SILK Narrowband */
+ case 104: /* SILK Wideband */
+ case 106: /* OPUS */
+ case 111: /* Siren */
+ case 112: /* G.722.1 */
+ case 114: /* RT Audio Wideband */
+ case 115: /* RT Audio Narrowband */
+ case 116: /* G.726 */
+ case 117: /* G.722 */
+ case 118: /* Comfort Noise Wideband */
+ *s_type |= ndpi_multimedia_audio_flow;
+ return(1);
+
+ case 34: /* H.263 [MS-H26XPF] */
+ case 121: /* RT Video */
+ case 122: /* H.264 [MS-H264PF] */
+ case 123: /* H.264 FEC [MS-H264PF] */
+ *s_type |= ndpi_multimedia_video_flow;
+ return(1);
+
+ default:
+ *s_type |= ndpi_multimedia_unknown_flow;
+ return(0);
+ }
+ }
+
+ /* Dynamic PTs are... dynamic... :D
+ * Looking at some traces, it seems specific applications keep using
+ * always the same PT for audio/video...
+ * TODO: something better?
+ * Bottom line: checking only PT is very fast/easy, but we might have
+ * false positives/negatives
+ */
+
+ if(sub_proto == NDPI_PROTOCOL_GOOGLE_CALL) {
+ switch(payloadType) {
+ case 111:
+ *s_type |= ndpi_multimedia_audio_flow;
+ return(1);
+
+ case 96:
+ case 100:
+ *s_type |= ndpi_multimedia_video_flow;
+ return(1);
+
+ default:
+ *s_type |= ndpi_multimedia_unknown_flow;
+ return(0);
+ }
+ }
+
+ if(sub_proto == NDPI_PROTOCOL_WHATSAPP_CALL) {
+ switch(payloadType) {
+ case 120:
+ *s_type |= ndpi_multimedia_audio_flow;
+ return(1);
+
+ case 97:
+ case 102:
+ *s_type |= ndpi_multimedia_video_flow;
+ return(1);
+
+ default:
+ *s_type |= ndpi_multimedia_unknown_flow;
+ return(0);
+ }
+ }
+
+ if(sub_proto == NDPI_PROTOCOL_FACEBOOK_VOIP) {
+ switch(payloadType) {
+ case 96:
+ case 97:
+ case 101:
+ case 109:
+ *s_type |= ndpi_multimedia_audio_flow;
+ return(1);
+
+ case 127:
+ *s_type |= ndpi_multimedia_video_flow;
+ return(1);
+
+ default:
+ *s_type |= ndpi_multimedia_unknown_flow;
+ return(0);
+ }
+ }
+
+ if(sub_proto == NDPI_PROTOCOL_TELEGRAM_VOIP) {
+ switch(payloadType) {
+ case 111:
+ *s_type |= ndpi_multimedia_audio_flow;
+ return(1);
+
+ case 106:
+ *s_type |= ndpi_multimedia_video_flow;
+ return(1);
+
+ default:
+ *s_type |= ndpi_multimedia_unknown_flow;
+ return(0);
+ }
+ }
+
+ if(sub_proto == NDPI_PROTOCOL_SIGNAL_VOIP) {
+ switch(payloadType) {
+ case 102:
+ *s_type |= ndpi_multimedia_audio_flow;
+ return(1);
+
+ case 120:
+ *s_type |= ndpi_multimedia_video_flow;
+ return(1);
+
+ default:
+ *s_type |= ndpi_multimedia_unknown_flow;
+ return(0);
+ }
+ }
+
+ *s_type |= ndpi_multimedia_unknown_flow;
+ return(0);
}
static int is_valid_rtcp_payload_type(uint8_t type) {
@@ -203,7 +324,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_RTCP);
} else {
- rtp_get_stream_type(payload[1] & 0x7F, &flow->flow_multimedia_type);
+ rtp_get_stream_type(payload[1] & 0x7F, &flow->flow_multimedia_types, NDPI_PROTOCOL_UNKNOWN);
NDPI_LOG_INFO(ndpi_struct, "Found RTP\n");
ndpi_int_rtp_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTP);
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index c6898c054..dc881270c 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -877,7 +877,7 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct,
NDPI_LOG_DBG(ndpi_struct, "RTP (dir %d)\n", packet->packet_direction);
NDPI_LOG_INFO(ndpi_struct, "Found RTP over STUN\n");
- rtp_get_stream_type(packet->payload[1] & 0x7F, &flow->flow_multimedia_type);
+ rtp_get_stream_type(packet->payload[1] & 0x7F, &flow->flow_multimedia_types, flow->detected_protocol_stack[0]);
if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_RTP &&
flow->detected_protocol_stack[0] != NDPI_PROTOCOL_RTCP &&
diff --git a/src/lib/protocols/zoom.c b/src/lib/protocols/zoom.c
index 3f2884c4e..2f58a6b60 100644
--- a/src/lib/protocols/zoom.c
+++ b/src/lib/protocols/zoom.c
@@ -53,7 +53,7 @@ static void ndpi_int_zoom_add_connection(struct ndpi_detection_module_struct *nd
struct ndpi_flow_struct *flow) {
u_int16_t master;
- if(flow->flow_multimedia_type != ndpi_multimedia_unknown_flow)
+ if(flow->flow_multimedia_types != ndpi_multimedia_unknown_flow)
master = NDPI_PROTOCOL_SRTP;
else
master = NDPI_PROTOCOL_UNKNOWN;
@@ -91,7 +91,7 @@ static int is_zme(struct ndpi_detection_module_struct *ndpi_struct,
case 13: /* Screen Share: RTP is not always there, expecially at the beginning of the flow */
if(payload_len > 27) {
if(is_rtp_or_rtcp(ndpi_struct, payload + 27, payload_len - 27, NULL) == IS_RTP) {
- flow->flow_multimedia_type = ndpi_multimedia_screen_sharing_flow;
+ flow->flow_multimedia_types |= ndpi_multimedia_screen_sharing_flow;
}
return 1;
}
@@ -100,7 +100,7 @@ static int is_zme(struct ndpi_detection_module_struct *ndpi_struct,
case 30: /* P2P Screen Share: it seems RTP is always present */
if(payload_len > 20 &&
is_rtp_or_rtcp(ndpi_struct, payload + 20, payload_len - 20, NULL) == IS_RTP) {
- flow->flow_multimedia_type = ndpi_multimedia_screen_sharing_flow;
+ flow->flow_multimedia_types |= ndpi_multimedia_screen_sharing_flow;
return 1;
}
break;
@@ -108,7 +108,7 @@ static int is_zme(struct ndpi_detection_module_struct *ndpi_struct,
case 15: /* RTP Audio */
if(payload_len > 19 &&
is_rtp_or_rtcp(ndpi_struct, payload + 19, payload_len - 19, NULL) == IS_RTP) {
- flow->flow_multimedia_type = ndpi_multimedia_audio_flow;
+ flow->flow_multimedia_types |= ndpi_multimedia_audio_flow;
return 1;
}
break;
@@ -116,7 +116,7 @@ static int is_zme(struct ndpi_detection_module_struct *ndpi_struct,
case 16: /* RTP Video */
if(payload_len > 24 &&
is_rtp_or_rtcp(ndpi_struct, payload + 24, payload_len - 24, NULL) == IS_RTP) {
- flow->flow_multimedia_type = ndpi_multimedia_video_flow;
+ flow->flow_multimedia_types |= ndpi_multimedia_video_flow;
return 1;
}
break;
@@ -162,6 +162,9 @@ static int zoom_search_again(struct ndpi_detection_module_struct *ndpi_struct,
{
struct ndpi_packet_struct *packet = ndpi_get_packet_struct(ndpi_struct);
+ if(ndpi_struct->packet.payload_packet_len == 0)
+ return keep_extra_dissection(flow);
+
if(!flow->l4.udp.zoom_p2p &&
is_sfu_5(ndpi_struct, flow)) {
ndpi_int_zoom_add_connection(ndpi_struct, flow);
diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out
index 3b1931d55..68214901e 100644
--- a/tests/cfgs/caches_cfg/result/teams.pcap.out
+++ b/tests/cfgs/caches_cfg/result/teams.pcap.out
@@ -86,24 +86,24 @@ JA3 Host Stats:
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
- 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
+ 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 125/Skype_Teams, Confidence: DNS][DPI packets: 5][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
- 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
- 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
+ 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
+ 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332][Peer IP/Port: 159.145.24.130:64794][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 UDP 192.168.1.6:50016 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -115,8 +115,8 @@ JA3 Host Stats:
59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.219/DNS.Microsoft365, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.26/DNS.ntop, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/caches_global/result/bittorrent.pcap.out b/tests/cfgs/caches_global/result/bittorrent.pcap.out
index 71b7b5db6..6f0a08a12 100644
--- a/tests/cfgs/caches_global/result/bittorrent.pcap.out
+++ b/tests/cfgs/caches_global/result/bittorrent.pcap.out
@@ -24,27 +24,27 @@ BitTorrent 299 305728 24
Acceptable 299 305728 24
- 1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
+ 1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
2 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/583 bytes <-> 4 pkts/975 bytes][Goodput ratio: 55/73][4.11 sec][bytes ratio: -0.252 (Download)][IAT c2s/s2c min/avg/max/stddev: 132/72 959/2027 1966/3982 760/1955][Pkt Len c2s/s2c min/avg/max/stddev: 80/73 146/244 198/648 44/235][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,12,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/583 bytes <-> 2 pkts/818 bytes][Goodput ratio: 77/84][1.89 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,25,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/583 bytes <-> 2 pkts/818 bytes][Goodput ratio: 77/84][1.89 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,25,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/582 bytes <-> 2 pkts/796 bytes][Goodput ratio: 66/83][0.92 sec][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/510 bytes <-> 2 pkts/771 bytes][Goodput ratio: 61/83][0.92 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,20,60,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/410 bytes <-> 3 pkts/851 bytes][Goodput ratio: 52/77][0.81 sec][bytes ratio: -0.350 (Download)][IAT c2s/s2c min/avg/max/stddev: 320/159 407/298 494/436 87/138][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 137/284 196/601 47/227][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 2 pkts/771 bytes][Goodput ratio: 56/83][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/442 bytes <-> 2 pkts/771 bytes][Goodput ratio: 55/83][0.94 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/440 bytes <-> 2 pkts/772 bytes][Goodput ratio: 55/83][0.27 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.36 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.26 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 13 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/430 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.45 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/409 bytes <-> 2 pkts/771 bytes][Goodput ratio: 51/83][0.25 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 2 pkts/796 bytes][Goodput ratio: 50/83][0.23 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 1 pkts/624 bytes][Goodput ratio: 50/89][0.22 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/349 bytes <-> 2 pkts/265 bytes][Goodput ratio: 62/50][1.91 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,25,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 1 pkts/157 bytes][Goodput ratio: 56/58][0.15 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 20 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 21 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 24 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/510 bytes <-> 2 pkts/771 bytes][Goodput ratio: 61/83][0.92 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,20,60,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/410 bytes <-> 3 pkts/851 bytes][Goodput ratio: 52/77][0.81 sec][bytes ratio: -0.350 (Download)][IAT c2s/s2c min/avg/max/stddev: 320/159 407/298 494/436 87/138][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 137/284 196/601 47/227][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 2 pkts/771 bytes][Goodput ratio: 56/83][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/442 bytes <-> 2 pkts/771 bytes][Goodput ratio: 55/83][0.94 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/440 bytes <-> 2 pkts/772 bytes][Goodput ratio: 55/83][0.27 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.36 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.26 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 13 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/430 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.45 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/409 bytes <-> 2 pkts/771 bytes][Goodput ratio: 51/83][0.25 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 2 pkts/796 bytes][Goodput ratio: 50/83][0.23 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 1 pkts/624 bytes][Goodput ratio: 50/89][0.22 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/349 bytes <-> 2 pkts/265 bytes][Goodput ratio: 62/50][1.91 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,25,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 1 pkts/157 bytes][Goodput ratio: 56/58][0.15 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 20 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 21 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 24 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out
index b130702bd..92ad54c75 100644
--- a/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out
+++ b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out
@@ -37,11 +37,11 @@ JA3 Host Stats:
2 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44144 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.16 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
3 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44150 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
4 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44192 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
- 5 UDP [2a2f:8509:1cb2:466d:ecbf:69d6:109c:608]:62229 -> [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/2397 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1249/0 8358/0 2694/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 266/0 610/0 243/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 44,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP [2a2f:8509:1cb2:466d:ecbf:69d6:109c:608]:62229 -> [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/2397 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1249/0 8358/0 2694/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 266/0 610/0 243/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (added.f)][Plen Bins: 44,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP [3069:c624:1d42:9469:98b1:67ff:fe43:325]:56131 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][11 pkts/1958 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][2.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/0 236/0 1183/0 350/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 178/0 214/0 41/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BHBeRjaHJ)][Plen Bins: 9,0,18,0,72,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP [2118:ec33:112b:7908:2c80:27ff:fef7:d71f]:48415 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][11 pkts/1742 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][2.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 279/0 1388/0 400/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 158/0 214/0 51/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (NGuJOnsW)][Plen Bins: 18,0,36,0,45,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27]:60506 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][11 pkts/1319 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][6.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 670/0 2769/0 758/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 120/0 431/0 99/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 72,18,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][8.49 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [38b2:46b7:27a4:94c3:c134:948:e069:d71f]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][20.08 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27]:60506 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][11 pkts/1319 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][6.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 670/0 2769/0 758/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 120/0 431/0 99/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (added.f)][Plen Bins: 72,18,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][8.49 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [38b2:46b7:27a4:94c3:c134:948:e069:d71f]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][20.08 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP [3297:a1af:5121:cfc:360b:2e07:872f:1ea0]:43865 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][2 pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][0.26 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BZ9/sp6)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/caches_global/result/teams.pcap.out b/tests/cfgs/caches_global/result/teams.pcap.out
index 0373a15ec..4b74a7802 100644
--- a/tests/cfgs/caches_global/result/teams.pcap.out
+++ b/tests/cfgs/caches_global/result/teams.pcap.out
@@ -86,24 +86,24 @@ JA3 Host Stats:
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
- 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
+ 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 125/Skype_Teams, Confidence: DNS][DPI packets: 5][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
- 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
- 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
+ 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
+ 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332][Peer IP/Port: 159.145.24.130:64794][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 UDP 192.168.1.6:50016 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -115,8 +115,8 @@ JA3 Host Stats:
59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.219/DNS.Microsoft365, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.26/DNS.ntop, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/pcap/signal_audiocall.pcapng b/tests/cfgs/default/pcap/signal_audiocall.pcapng
new file mode 100644
index 000000000..6c0e62e0b
Binary files /dev/null and b/tests/cfgs/default/pcap/signal_audiocall.pcapng differ
diff --git a/tests/cfgs/default/pcap/signal_videocall.pcapng b/tests/cfgs/default/pcap/signal_videocall.pcapng
new file mode 100644
index 000000000..1a78b9f48
Binary files /dev/null and b/tests/cfgs/default/pcap/signal_videocall.pcapng differ
diff --git a/tests/cfgs/default/pcap/sites2.pcapng b/tests/cfgs/default/pcap/sites2.pcapng
index 936c14043..3c5298306 100644
Binary files a/tests/cfgs/default/pcap/sites2.pcapng and b/tests/cfgs/default/pcap/sites2.pcapng differ
diff --git a/tests/cfgs/default/pcap/telegram_videocall_2.pcapng b/tests/cfgs/default/pcap/telegram_videocall_2.pcapng
new file mode 100644
index 000000000..d9aca6fdc
Binary files /dev/null and b/tests/cfgs/default/pcap/telegram_videocall_2.pcapng differ
diff --git a/tests/cfgs/default/pcap/telegram_voice.pcapng b/tests/cfgs/default/pcap/telegram_voice.pcapng
new file mode 100644
index 000000000..c4d642ed4
Binary files /dev/null and b/tests/cfgs/default/pcap/telegram_voice.pcapng differ
diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out
index 6032d5d8d..c863d7b91 100644
--- a/tests/cfgs/default/result/1kxun.pcap.out
+++ b/tests/cfgs/default/result/1kxun.pcap.out
@@ -140,7 +140,7 @@ JA3 Host Stats:
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -156,9 +156,9 @@ JA3 Host Stats:
99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0]
100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out
index 69638be02..4777f6d85 100644
--- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out
+++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out
@@ -51,7 +51,7 @@ JA3 Host Stats:
7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 193/KakaoTalk, Confidence: DNS][DPI packets: 13][cat: Chat/9][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][Goodput ratio: 63/84][11.34 sec][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/74 10357/172 3082/62][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 157/364 429/1336 152/451][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** Malicious Fingerpint **][Risk Score: 250][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][ServerNames: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Issuer: C=US, O=Thawte, Inc., CN=Thawte SSL CA][Subject: C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com][Certificate SHA-1: 0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4][Validity: 2014-04-18 00:00:00 - 2016-04-17 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,16,0,0,0,8,8,0,0,0,16,25,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0]
8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 21][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][Goodput ratio: 48/63][46.77 sec][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2833/4340 12590/13131 4126/4407][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131/188 657/274 136/75][Risk: ** Fully Encrypted Flow **][Risk Score: 50][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][Plen Bins: 13,13,27,0,27,6,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][Goodput ratio: 71/25][24.52 sec][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3456/3426 12765/12806 4427/4480][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193/75 303/98 123/21][Plen Bins: 0,44,0,0,0,0,0,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][Goodput ratio: 27/87][0.31 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107/56 199/108 92/52][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 97/533 146/1456 35/652][Risk: ** Known Proto on Non Std Port **** Obsolete TLS (v1.1 or older) **][Risk Score: 150][Risk Info: TLSv1][TCP Fingerprint: 2_64_14000_078416dac97d/Unknown][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][JA4: t10d150000_e2ff6cb279ee_e3b0c44298fc][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0]
+ 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][Goodput ratio: 27/87][0.31 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107/56 199/108 92/52][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 97/533 146/1456 35/652][Risk: ** Known Proto on Non Std Port **** Obsolete TLS (v1.1 or older) **][Risk Score: 150][Risk Info: TLSv1 / Expected on port 443][TCP Fingerprint: 2_64_14000_078416dac97d/Unknown][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][JA4: t10d150000_e2ff6cb279ee_e3b0c44298fc][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0]
11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 119/Facebook, Confidence: DNS][DPI packets: 7][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Goodput ratio: 38/45][21.97 sec][Hostname/SNI: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 115/102 264/210 106/77][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/104 243/339 73/105][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 7][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Goodput ratio: 38/49][21.81 sec][Hostname/SNI: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5452/101 21457/215 9241/81][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/114 243/339 73/112][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 14][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][Goodput ratio: 0/0][25.75 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 3845/3844 13075/13111 4719/4735][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56/56 56/56 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -74,9 +74,9 @@ JA3 Host Stats:
30 UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.119/DNS.Facebook, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/118 bytes][Goodput ratio: 43/62][0.05 sec][Hostname/SNI: api.facebook.com][31.13.68.84][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
31 UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 42/61][0.08 sec][Hostname/SNI: auth.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/114 bytes][Goodput ratio: 42/61][0.03 sec][Hostname/SNI: item.kakao.com][210.103.240.15][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 33 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 25/0][41.33 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 33 TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/181 bytes -> 0 pkts/0 bytes][Goodput ratio: 25/0][41.33 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.193/DNS.KakaoTalk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 45/54][0.04 sec][Hostname/SNI: dn-l.talk.kakao.com][110.76.141.86][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 35 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
36 ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/147 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
37 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 38 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 38 TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No client to server traffic / Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
index 7d1254b9e..d8bac9325 100644
--- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
+++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@@ -46,7 +46,7 @@ JA3 Host Stats:
1 UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][757 pkts/106335 bytes <-> 746 pkts/93906 bytes][Goodput ratio: 69/65][45.42 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/48 202/340 49/48][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 140/126 234/236 43/33][PLAIN TEXT (46yOXQ)][Plen Bins: 0,60,19,16,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][746 pkts/93906 bytes <-> 742 pkts/104604 bytes][Goodput ratio: 65/69][45.02 sec][bytes ratio: -0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/0 58/49 112/476 23/54][Pkt Len c2s/s2c min/avg/max/stddev: 99/99 126/141 236/234 33/43][PLAIN TEXT (46yOXQ)][Plen Bins: 0,61,18,16,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Chat/9][22 pkts/5326 bytes <-> 18 pkts/5212 bytes][Goodput ratio: 72/76][51.59 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 14/0 2358/3528 20472/21237 5098/5912][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 242/290 878/920 254/276][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 350][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA / C=KR, L=Seoul, O=Kakao, CN=Kakao.com][TCP Fingerprint: 2_64_14000_078416dac97d/Unknown][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][JA4: t10d120300_b275ccc1cd51_a875e5012fde][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Issuer: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Subject: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Validity: 2011-12-05 09:19:25 - 2021-12-02 09:19:25][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,0,5,35,0,5,0,15,5,5,0,0,0,0,0,0,0,0,5,5,0,0,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Chat/9][22 pkts/5326 bytes <-> 18 pkts/5212 bytes][Goodput ratio: 72/76][51.59 sec][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 14/0 2358/3528 20472/21237 5098/5912][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 242/290 878/920 254/276][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 350][Risk Info: TLSv1 / Expected on port 443 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA / C=KR, L=Seoul, O=Kakao, CN=Kakao.com][TCP Fingerprint: 2_64_14000_078416dac97d/Unknown][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][JA4: t10d120300_b275ccc1cd51_a875e5012fde][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Issuer: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Subject: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Validity: 2011-12-05 09:19:25 - 2021-12-02 09:19:25][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,0,5,35,0,5,0,15,5,5,0,0,0,0,0,0,0,0,5,5,0,0,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Chat/9][23 pkts/4380 bytes <-> 22 pkts/5728 bytes][Goodput ratio: 64/73][52.84 sec][bytes ratio: -0.133 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 691/1317 6069/10226 1399/2632][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 190/260 814/920 164/241][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 350][Risk Info: TLSv1 / Expected on port 443 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA / C=KR, L=Seoul, O=Kakao, CN=Kakao.com][TCP Fingerprint: 2_64_14600_f6101b157c46/Unknown][TLSv1][JA3C: 4b79ae67eb3b2cf1c75e68ea0100ca1b][JA4: t10d120300_b275ccc1cd51_a875e5012fde][JA3S: 4ea82b75038dd27e8a1cb69d8b839b26 (WEAK)][Issuer: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Subject: C=KR, L=Seoul, O=Kakao, CN=Kakao.com][Certificate SHA-1: 65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9][Validity: 2011-12-05 09:19:25 - 2021-12-02 09:19:25][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,0,4,48,0,4,0,17,4,4,0,0,0,4,0,0,0,0,0,0,4,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 7][cat: Web/5][15 pkts/2932 bytes <-> 14 pkts/1092 bytes][Goodput ratio: 71/27][1.96 sec][bytes ratio: 0.457 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 141/117 494/295 163/92][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 195/78 735/189 228/35][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious Fingerpint **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TCP Fingerprint: 2_64_14000_078416dac97d/Unknown][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 07dddc59e60135c7b479d39c3ae686af][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 30,23,0,0,15,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 194/KakaoTalk_Voice, Confidence: DPI][DPI packets: 1][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes][Goodput ratio: 69/69][45.10 sec][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1062/3176 4203/4247 4716/5160 1131/719][Pkt Len c2s/s2c min/avg/max/stddev: 122/142 141/142 150/142 6/0][Plen Bins: 0,0,4,95,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -58,9 +58,9 @@ JA3 Host Stats:
12 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][5 pkts/350 bytes -> 0 pkts/0 bytes][Goodput ratio: 3/0][11.12 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][3 pkts/168 bytes <-> 2 pkts/112 bytes][Goodput ratio: 0/0][0.48 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.119/DNS.Facebook, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/118 bytes][Goodput ratio: 44/62][0.20 sec][Hostname/SNI: mqtt.facebook.com][173.252.97.2][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: Match by port][FPC: 119/Facebook, Confidence: IP address][DPI packets: 2][cat: Web/5][2 pkts/124 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: Match by port][FPC: 119/Facebook, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No client to server traffic / Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: Match by port][FPC: 119/Facebook, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No client to server traffic / Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 20 TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No client to server traffic / Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/adult_content.pcap.out b/tests/cfgs/default/result/adult_content.pcap.out
index 8753d6209..0d63f3e22 100644
--- a/tests/cfgs/default/result/adult_content.pcap.out
+++ b/tests/cfgs/default/result/adult_content.pcap.out
@@ -24,4 +24,4 @@ AdultContent 25 7972 1
Acceptable 25 7972 1
- 1 UDP 192.168.1.199:42759 <-> 31.220.27.69:80 [proto: 78.108/STUN.AdultContent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: AdultContent/34][11 pkts/3593 bytes <-> 14 pkts/4379 bytes][Goodput ratio: 87/87][0.22 sec][Hostname/SNI: b-eu14.stripcdn.com][bytes ratio: -0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/14 55/54 17/17][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 327/313 1246/1418 350/353][Mapped IP/Port: 93.35.171.161:59534][Peer IP/Port: 31.220.27.69:13304][Relayed IP/Port: 127.0.0.254:46990][Rsp Origin IP/Port: 31.220.27.69:80][Other IP/Port: 127.0.0.249:2083][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (NurOKA)][Plen Bins: 8,8,12,24,8,16,0,0,4,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0]
+ 1 UDP 192.168.1.199:42759 <-> 31.220.27.69:80 [proto: 78.108/STUN.AdultContent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: AdultContent/34][11 pkts/3593 bytes <-> 14 pkts/4379 bytes][Goodput ratio: 87/87][0.22 sec][Hostname/SNI: b-eu14.stripcdn.com][bytes ratio: -0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/14 55/54 17/17][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 327/313 1246/1418 350/353][Mapped IP/Port: 93.35.171.161:59534][Peer IP/Port: 31.220.27.69:13304][Relayed IP/Port: 127.0.0.254:46990][Rsp Origin IP/Port: 31.220.27.69:80][Other IP/Port: 127.0.0.249:2083][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (NurOKA)][Plen Bins: 8,8,12,24,8,16,0,0,4,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0]
diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out
index 1c1399b14..fc797951a 100644
--- a/tests/cfgs/default/result/alexa-app.pcapng.out
+++ b/tests/cfgs/default/result/alexa-app.pcapng.out
@@ -144,7 +144,7 @@ JA3 Host Stats:
95 TCP 172.16.42.216:49572 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 6][cat: VirtAssistant/32][6 pkts/1152 bytes <-> 4 pkts/1582 bytes][Goodput ratio: 70/85][1.16 sec][Hostname/SNI: alexa.amazon.com][bytes ratio: -0.157 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/15 232/42 901/70 336/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 192/396 862/1400 300/580][URL: alexa.amazon.com/manifest/pitangui.appcache][StatusCode: 200][Content-Type: text/cache-manifest][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /manifest/pitangui.appcache)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
96 TCP 172.16.42.216:49606 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: VirtAssistant/32][6 pkts/1124 bytes <-> 4 pkts/1582 bytes][Goodput ratio: 69/85][4.72 sec][Hostname/SNI: alexa.amazon.com][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 943/66 4438/116 1748/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/396 834/1400 289/580][URL: alexa.amazon.com/manifest/pitangui.appcache][StatusCode: 200][Content-Type: text/cache-manifest][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /manifest/pitangui.appcache)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
97 TCP 172.16.42.216:49613 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 6][cat: VirtAssistant/32][6 pkts/1124 bytes <-> 4 pkts/1582 bytes][Goodput ratio: 69/85][1.39 sec][Hostname/SNI: alexa.amazon.com][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/19 277/41 1181/63 453/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/396 834/1400 289/580][URL: alexa.amazon.com/manifest/pitangui.appcache][StatusCode: 200][Content-Type: text/cache-manifest][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /manifest/pitangui.appcache)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
- 98 TCP 172.16.42.216:42878 <-> 173.194.223.188:5228 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 239/GoogleServices, Confidence: DNS][DPI packets: 6][cat: Web/5][8 pkts/1484 bytes <-> 9 pkts/1103 bytes][Goodput ratio: 63/45][0.44 sec][Hostname/SNI: mtalk.google.com][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/36 119/119 39/43][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 186/123 583/205 193/57][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: a5a59633017c3d696d2c69350e5fc004][JA4: t12d200900_93851ff8129a_f88f2b2eb673][JA3S: 9b1466fd60cadccb848e09c86e284265][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,12,0,38,12,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 98 TCP 172.16.42.216:42878 <-> 173.194.223.188:5228 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 239/GoogleServices, Confidence: DNS][DPI packets: 6][cat: Web/5][8 pkts/1484 bytes <-> 9 pkts/1103 bytes][Goodput ratio: 63/45][0.44 sec][Hostname/SNI: mtalk.google.com][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/36 119/119 39/43][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 186/123 583/205 193/57][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: a5a59633017c3d696d2c69350e5fc004][JA4: t12d200900_93851ff8129a_f88f2b2eb673][JA3S: 9b1466fd60cadccb848e09c86e284265][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,12,0,38,12,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
99 TCP 172.16.42.216:58048 <-> 54.239.28.178:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 6][cat: Web/5][10 pkts/1320 bytes <-> 9 pkts/1259 bytes][Goodput ratio: 58/58][0.27 sec][bytes ratio: 0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/23 69/70 31/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 132/140 544/651 147/183][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA4: t10d140200_37d7d24289bf_33a13ba74d1c][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,42,14,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
100 TCP 172.16.42.216:49630 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 6][cat: VirtAssistant/32][6 pkts/1340 bytes <-> 4 pkts/419 bytes][Goodput ratio: 74/44][5.51 sec][Hostname/SNI: alexa.amazon.com][bytes ratio: 0.524 (Upload)][IAT c2s/s2c min/avg/max/stddev: 23/0 1100/138 4406/275 1672/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 223/105 1050/237 370/76][URL: alexa.amazon.com/lib/bootstrap/img/glyphicons-halflings.png][StatusCode: 404][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 404][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /lib/bootstrap/im)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
101 TCP 172.16.42.216:45697 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][9 pkts/1043 bytes <-> 5 pkts/428 bytes][Goodput ratio: 51/32][4.57 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/182 298/364 98/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/86 293/139 96/32][Risk: ** Weak TLS Cipher **** Malicious Fingerpint **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -155,8 +155,8 @@ JA3 Host Stats:
106 TCP 172.16.42.216:35540 <-> 172.217.9.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][4 pkts/460 bytes <-> 3 pkts/289 bytes][Goodput ratio: 41/29][0.09 sec][Hostname/SNI: connectivitycheck.android.com][bytes ratio: 0.228 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 30/24 45/48 20/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/96 254/149 80/37][URL: connectivitycheck.android.com/generate_204][StatusCode: 204][User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build/LMY47V)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
107 TCP 172.16.42.216:60246 <-> 172.217.9.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][4 pkts/460 bytes <-> 3 pkts/289 bytes][Goodput ratio: 41/29][0.14 sec][Hostname/SNI: connectivitycheck.android.com][bytes ratio: 0.228 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/8 45/48 94/89 37/40][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/96 254/149 80/37][URL: connectivitycheck.android.com/generate_204][StatusCode: 204][User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build/LMY47V)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
108 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/714 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Hostname/SNI: android-1c1335ec95a27318][DHCP Fingerprint: 1,33,3,6,15,26,28,51,58,59][DHCP Class Ident: dhcpcd-5.5.6][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 109 TCP 172.16.42.216:40200 -> 10.201.126.241:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][8 pkts/572 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][127.39 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 990/0 18197/0 64239/0 21317/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 72/0 74/0 7/0][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No server to client traffic / Connection refused (client)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 110 TCP 172.16.42.216:40202 -> 10.201.126.241:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][8 pkts/572 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][127.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1069/0 18182/0 64160/0 21286/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 72/0 74/0 7/0][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No server to client traffic / Connection refused (client)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 109 TCP 172.16.42.216:40200 -> 10.201.126.241:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][8 pkts/572 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][127.39 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 990/0 18197/0 64239/0 21317/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 72/0 74/0 7/0][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No server to client traffic / Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 110 TCP 172.16.42.216:40202 -> 10.201.126.241:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][8 pkts/572 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][127.28 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1069/0 18182/0 64160/0 21286/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 72/0 74/0 7/0][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No server to client traffic / Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
111 TCP 172.16.42.216:49627 <-> 52.94.232.134:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 9][cat: Web/5][6 pkts/364 bytes <-> 3 pkts/184 bytes][Goodput ratio: 0/0][1.34 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 267/0 997/0 373/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 61/61 74/62 9/1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
112 TCP 172.16.42.216:40242 -> 10.201.126.241:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][7 pkts/518 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][63.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 996/0 10526/0 32079/0 10855/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/0 74/0 74/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
113 TCP 172.16.42.216:34073 <-> 54.239.24.186:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: DNS][DPI packets: 8][cat: Web/5][5 pkts/310 bytes <-> 3 pkts/182 bytes][Goodput ratio: 0/0][7.12 sec][bytes ratio: 0.260 (Upload)][IAT c2s/s2c min/avg/max/stddev: 74/151 1780/151 5979/151 2453/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 62/61 74/62 10/1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -204,6 +204,6 @@ JA3 Host Stats:
155 UDP 172.16.42.216:52603 <-> 172.16.42.1:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.58.218.196][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
156 UDP 172.16.42.216:60804 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.178/DNS.Amazon, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.05 sec][Hostname/SNI: api.amazon.com][54.239.29.146][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
157 ICMPV6 [::]:0 -> [ff02::1:ffd3:fbc2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/156 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 158 TCP 172.16.42.216:38391 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 159 TCP 172.16.42.216:38434 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.09 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 158 TCP 172.16.42.216:38391 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 159 TCP 172.16.42.216:38434 <-> 192.168.11.1:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.09 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
160 IGMP 0.0.0.0:0 -> 224.0.0.1:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 82/IGMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][125.44 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
index b57badcd4..843b7f6a1 100644
--- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out
+++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
@@ -55,14 +55,14 @@ JA3 Host Stats:
1 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][Goodput ratio: 65/84][21.89 sec][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/11 97/138 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189/425 1514/1514 246/579][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][JA4: t12d220300_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,4,2,21,31,0,2,6,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,21,0,0]
2 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: SNI should always be present / http/1.1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][JA4: t12d2204ht_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0]
- 3 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / 29/Aug/2019 00:12:40 - 08/Oct/2019 00:12:40][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA4: t12d070500_c20ebc0cf62a_ed727256b201][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0]
+ 3 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 160][Risk Info: No ALPN / SNI should always be present / Expected on port 443 / 29/Aug/2019 00:12:40 - 08/Oct/2019 00:12:40][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA4: t12d070500_c20ebc0cf62a_ed727256b201][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0]
4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: SNI should always be present / http/1.1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][JA4: t12d2204ht_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0]
5 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 30/DTLS, Confidence: DPI][DPI packets: 4][cat: Web/5][14 pkts/2322 bytes <-> 15 pkts/3787 bytes][Goodput ratio: 75/83][0.24 sec][bytes ratio: -0.240 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 47/46 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 166/252 199/407 17/74][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLS (0100)][TLS (0100)][JA3C: ee2a8029d94a1e0f64493aac044a9a9e][JA4: ds3d010000_2cfe23c976cf_e3b0c44298fc][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,3,3,39,13,18,3,6,6,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 118/Slack, Confidence: DNS][DPI packets: 6][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: d8dc5f8940df366b3a58b935569143e8][JA4: t12d1313h2_8b80da21ef18_e48c60694ef0][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0]
13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -84,7 +84,7 @@ JA3 Host Stats:
29 UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5.238/DNS.ApplePush][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.238/DNS.ApplePush, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
31 TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 32 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 2][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0/28][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 32 TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 2][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0/28][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 UDP 10.0.0.151:1900 -> 10.0.0.227:61328 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22/19][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
35 UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49/82][0.02 sec][Hostname/SNI: detectportal.firefox.com][184.25.56.82][PLAIN TEXT (detectportal)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/anydesk.pcapng.out b/tests/cfgs/default/result/anydesk.pcapng.out
index e055b4375..b921bb701 100644
--- a/tests/cfgs/default/result/anydesk.pcapng.out
+++ b/tests/cfgs/default/result/anydesk.pcapng.out
@@ -37,8 +37,8 @@ JA3 Host Stats:
1 TCP 192.168.149.129:43535 <-> 51.83.238.219:80 [proto: 91.252/TLS.AnyDesk][IP: 252/AnyDesk][Encrypted][Confidence: DPI][FPC: 252/AnyDesk, Confidence: IP address][DPI packets: 8][cat: RemoteAccess/12][19 pkts/6843 bytes <-> 22 pkts/9152 bytes][Goodput ratio: 85/86][10.60 sec][bytes ratio: -0.144 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 624/488 7028/7028 1803/1610][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 360/416 1514/1514 525/549][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / SNI should always be present / Expected on port 443 / Found AnyDesk][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 107030a763c7224285717ff1569a17f3][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,13,13,9,9,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,4,0,4,0,0,9,0,0,0,0,18,0,0]
2 TCP 192.168.1.128:48260 <-> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: RemoteAccess/12][27 pkts/7693 bytes <-> 27 pkts/4853 bytes][Goodput ratio: 77/63][58.81 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: 0.226 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2284/1898 10210/10228 4074/3857][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/180 1514/1514 460/331][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **][Risk Score: 110][Risk Info: anydesk/6.2.0/linu / Found AnyDesk / SNI should always be present][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,35,20,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,15,0,0]
- 3 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: RemoteAccess/12][19 pkts/7324 bytes <-> 21 pkts/3951 bytes][Goodput ratio: 86/69][7.29 sec][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 481/137 2966/1753 831/422][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 385/188 3980/1514 894/354][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / SNI should always be present / Found AnyDesk][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA4: t12d550500_168bb377f8c8_a1e935682795][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,45,15,5,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,5]
- 4 TCP 192.168.1.178:52039 <-> 192.168.1.187:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: RemoteAccess/12][8 pkts/2035 bytes <-> 7 pkts/2157 bytes][Goodput ratio: 76/82][0.56 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/40 406/85 150/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 254/308 1340/968 419/387][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 220][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384 / Found AnyDesk][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 4b505adfb4a921c5a3a39d293b0811e1 (WEAK)][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: 86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E][Firefox][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,20,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0]
+ 3 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: RemoteAccess/12][19 pkts/7324 bytes <-> 21 pkts/3951 bytes][Goodput ratio: 86/69][7.29 sec][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 481/137 2966/1753 831/422][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 385/188 3980/1514 894/354][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / SNI should always be present / Expected on port 443 / Found AnyDesk][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA4: t12d550500_168bb377f8c8_a1e935682795][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,45,15,5,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,5]
+ 4 TCP 192.168.1.178:52039 <-> 192.168.1.187:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: RemoteAccess/12][8 pkts/2035 bytes <-> 7 pkts/2157 bytes][Goodput ratio: 76/82][0.56 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/40 406/85 150/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 254/308 1340/968 419/387][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 220][Risk Info: No ALPN / SNI should always be present / Expected on port 443 / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384 / Found AnyDesk][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 4b505adfb4a921c5a3a39d293b0811e1 (WEAK)][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: 86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E][Firefox][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,20,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0]
5 TCP 192.168.149.129:36351 <-> 51.83.239.144:80 [proto: 91/TLS][IP: 252/AnyDesk][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][10 pkts/792 bytes <-> 10 pkts/925 bytes][Goodput ratio: 32/38][45.83 sec][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 32/31 5700/5700 15000/15001 7162/7162][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/92 105/213 25/45][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,90,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.1.187:55376 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.252/DNS.AnyDesk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-9b6827f2.net.anydesk.com][138.199.36.115][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.1.187:59511 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.252/DNS.AnyDesk, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-3185a847.net.anydesk.com][37.61.223.15][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/bets.pcapng.out b/tests/cfgs/default/result/bets.pcapng.out
index 0c1a52988..6ab14d27a 100644
--- a/tests/cfgs/default/result/bets.pcapng.out
+++ b/tests/cfgs/default/result/bets.pcapng.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 192.168.10.2 1
- 1 TCP 192.168.10.2:60099 <-> 13.224.103.22:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Gambling/107][17 pkts/1469 bytes <-> 16 pkts/7759 bytes][Goodput ratio: 39/89][0.19 sec][Hostname/SNI: www.1084bets10.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/9 46/45 16/17][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 86/485 380/1420 78/609][TCP Fingerprint: 2_64_65535_78dd6871cb6d/Unknown][TLSv1.3][JA3C: 375c6162a492dfbf2795909110ce8424][JA4: t13d4907h2_0d8feac7bc37_7395dae3b2f3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,21,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,28,0,0,0,0,0]
+ 1 TCP 192.168.10.2:60099 <-> 13.224.103.22:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Gambling/107][17 pkts/1469 bytes <-> 16 pkts/7759 bytes][Goodput ratio: 39/89][0.19 sec][Hostname/SNI: www.1084bets10.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/9 46/45 16/17][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 86/485 380/1420 78/609][TCP Fingerprint: 2_64_65535_78dd6871cb6d/macOS][TLSv1.3][JA3C: 375c6162a492dfbf2795909110ce8424][JA4: t13d4907h2_0d8feac7bc37_7395dae3b2f3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,21,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,28,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/bittorrent.pcap.out b/tests/cfgs/default/result/bittorrent.pcap.out
index 71b7b5db6..6f0a08a12 100644
--- a/tests/cfgs/default/result/bittorrent.pcap.out
+++ b/tests/cfgs/default/result/bittorrent.pcap.out
@@ -24,27 +24,27 @@ BitTorrent 299 305728 24
Acceptable 299 305728 24
- 1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
+ 1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
2 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/583 bytes <-> 4 pkts/975 bytes][Goodput ratio: 55/73][4.11 sec][bytes ratio: -0.252 (Download)][IAT c2s/s2c min/avg/max/stddev: 132/72 959/2027 1966/3982 760/1955][Pkt Len c2s/s2c min/avg/max/stddev: 80/73 146/244 198/648 44/235][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,12,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/583 bytes <-> 2 pkts/818 bytes][Goodput ratio: 77/84][1.89 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,25,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/583 bytes <-> 2 pkts/818 bytes][Goodput ratio: 77/84][1.89 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,25,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/582 bytes <-> 2 pkts/796 bytes][Goodput ratio: 66/83][0.92 sec][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/510 bytes <-> 2 pkts/771 bytes][Goodput ratio: 61/83][0.92 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,20,60,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/410 bytes <-> 3 pkts/851 bytes][Goodput ratio: 52/77][0.81 sec][bytes ratio: -0.350 (Download)][IAT c2s/s2c min/avg/max/stddev: 320/159 407/298 494/436 87/138][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 137/284 196/601 47/227][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 2 pkts/771 bytes][Goodput ratio: 56/83][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/442 bytes <-> 2 pkts/771 bytes][Goodput ratio: 55/83][0.94 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/440 bytes <-> 2 pkts/772 bytes][Goodput ratio: 55/83][0.27 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.36 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.26 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 13 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/430 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.45 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/409 bytes <-> 2 pkts/771 bytes][Goodput ratio: 51/83][0.25 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 2 pkts/796 bytes][Goodput ratio: 50/83][0.23 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 1 pkts/624 bytes][Goodput ratio: 50/89][0.22 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/349 bytes <-> 2 pkts/265 bytes][Goodput ratio: 62/50][1.91 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,25,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 1 pkts/157 bytes][Goodput ratio: 56/58][0.15 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 20 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 21 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 24 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/510 bytes <-> 2 pkts/771 bytes][Goodput ratio: 61/83][0.92 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,20,60,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/410 bytes <-> 3 pkts/851 bytes][Goodput ratio: 52/77][0.81 sec][bytes ratio: -0.350 (Download)][IAT c2s/s2c min/avg/max/stddev: 320/159 407/298 494/436 87/138][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 137/284 196/601 47/227][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 2 pkts/771 bytes][Goodput ratio: 56/83][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/442 bytes <-> 2 pkts/771 bytes][Goodput ratio: 55/83][0.94 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/440 bytes <-> 2 pkts/772 bytes][Goodput ratio: 55/83][0.27 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.36 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.26 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 13 TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/430 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.45 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/409 bytes <-> 2 pkts/771 bytes][Goodput ratio: 51/83][0.25 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 2 pkts/796 bytes][Goodput ratio: 50/83][0.23 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 1 pkts/624 bytes][Goodput ratio: 50/89][0.22 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/349 bytes <-> 2 pkts/265 bytes][Goodput ratio: 62/50][1.91 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,25,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 1 pkts/157 bytes][Goodput ratio: 56/58][0.15 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 20 TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 21 TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 24 TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out
index c9951327d..ea873bda1 100644
--- a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out
+++ b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out
@@ -24,4 +24,4 @@ BitTorrent 100 96898 1
Acceptable 100 96898 1
- 1 TCP 192.168.122.34:48987 <-> 178.71.206.1:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Download/7][33 pkts/2895 bytes <-> 67 pkts/94003 bytes][Goodput ratio: 38/96][0.31 sec][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/4 33/64 11/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 88/1403 525/1494 98/324][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][BT Hash: 0f6b9cd2b7da4de9b6c846203920e3da49cdb795][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,4,1,0,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
+ 1 TCP 192.168.122.34:48987 <-> 178.71.206.1:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Download/7][33 pkts/2895 bytes <-> 67 pkts/94003 bytes][Goodput ratio: 38/96][0.31 sec][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/4 33/64 11/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 88/1403 525/1494 98/324][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 51413,53646][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][BT Hash: 0f6b9cd2b7da4de9b6c846203920e3da49cdb795][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,4,1,0,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
diff --git a/tests/cfgs/default/result/bittorrent_utp.pcap.out b/tests/cfgs/default/result/bittorrent_utp.pcap.out
index f765b4e76..97a6db035 100644
--- a/tests/cfgs/default/result/bittorrent_utp.pcap.out
+++ b/tests/cfgs/default/result/bittorrent_utp.pcap.out
@@ -24,5 +24,5 @@ BitTorrent 92 41870 2
Acceptable 92 41870 2
- 1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][47 pkts/36653 bytes <-> 39 pkts/4836 bytes][Goodput ratio: 95/66][19.22 sec][bytes ratio: 0.767 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 223/425 4392/4641 701/934][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 780/124 1514/519 609/123][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (hash20)][Plen Bins: 52,1,2,4,0,1,1,1,0,0,5,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,6,0,0,0,6,0,0,0,8,0]
- 2 UDP 127.0.0.1:49861 <-> 127.0.0.1:33333 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][3 pkts/195 bytes <-> 3 pkts/186 bytes][Goodput ratio: 35/32][2.70 sec][bytes ratio: 0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1205/1205 1348/1348 1492/1492 144/144][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 65/62 67/62 2/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][47 pkts/36653 bytes <-> 39 pkts/4836 bytes][Goodput ratio: 95/66][19.22 sec][bytes ratio: 0.767 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 223/425 4392/4641 701/934][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 780/124 1514/519 609/123][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 52,1,2,4,0,1,1,1,0,0,5,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,6,0,0,0,6,0,0,0,8,0]
+ 2 UDP 127.0.0.1:49861 <-> 127.0.0.1:33333 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][3 pkts/195 bytes <-> 3 pkts/186 bytes][Goodput ratio: 35/32][2.70 sec][bytes ratio: 0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1205/1205 1348/1348 1492/1492 144/144][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 65/62 67/62 2/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/coap_mqtt.pcap.out b/tests/cfgs/default/result/coap_mqtt.pcap.out
index 0dce7a36b..8d962aebf 100644
--- a/tests/cfgs/default/result/coap_mqtt.pcap.out
+++ b/tests/cfgs/default/result/coap_mqtt.pcap.out
@@ -32,10 +32,10 @@ Acceptable 1061 100887 8
2 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes][Goodput ratio: 70/33][11.09 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 111/111 154/150 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,11,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes][Goodput ratio: 70/32][10.92 sec][bytes ratio: 0.382 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 110/110 172/164 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,15,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes][Goodput ratio: 70/32][11.20 sec][bytes ratio: 0.383 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 112/113 151/147 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RPC/16][34 pkts/2662 bytes <-> 41 pkts/3133 bytes][Goodput ratio: 27/29][5.40 sec][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 195/158 4242/4438 810/757][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 78/76 114/140 25/36][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (17Info)][Plen Bins: 52,25,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 222/MQTT, Confidence: DPI][DPI packets: 1][cat: RPC/16][28 pkts/2166 bytes <-> 35 pkts/2698 bytes][Goodput ratio: 27/30][28.42 sec][bytes ratio: -0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1340/1008 27310/27505 5807/5099][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 77/77 114/140 25/37][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (messageType)][Plen Bins: 51,24,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 222/MQTT, Confidence: DPI][DPI packets: 1][cat: RPC/16][28 pkts/2166 bytes <-> 35 pkts/2698 bytes][Goodput ratio: 27/30][14.07 sec][bytes ratio: -0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 656/495 12952/13150 2750/2436][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 77/77 114/140 25/37][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (messageType)][Plen Bins: 51,24,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 222/MQTT, Confidence: DPI][DPI packets: 1][cat: RPC/16][34 pkts/2642 bytes <-> 26 pkts/2046 bytes][Goodput ratio: 30/28][0.92 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/34 73/75 28/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 78/79 140/114 37/26][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (messageType)][Plen Bins: 48,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RPC/16][34 pkts/2662 bytes <-> 41 pkts/3133 bytes][Goodput ratio: 27/29][5.40 sec][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 195/158 4242/4438 810/757][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 78/76 114/140 25/36][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1883,8883][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (17Info)][Plen Bins: 52,25,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 222/MQTT, Confidence: DPI][DPI packets: 1][cat: RPC/16][28 pkts/2166 bytes <-> 35 pkts/2698 bytes][Goodput ratio: 27/30][28.42 sec][bytes ratio: -0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1340/1008 27310/27505 5807/5099][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 77/77 114/140 25/37][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 1883,8883][PLAIN TEXT (messageType)][Plen Bins: 51,24,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 222/MQTT, Confidence: DPI][DPI packets: 1][cat: RPC/16][28 pkts/2166 bytes <-> 35 pkts/2698 bytes][Goodput ratio: 27/30][14.07 sec][bytes ratio: -0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 656/495 12952/13150 2750/2436][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 77/77 114/140 25/37][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 1883,8883][PLAIN TEXT (messageType)][Plen Bins: 51,24,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 222/MQTT, Confidence: DPI][DPI packets: 1][cat: RPC/16][34 pkts/2642 bytes <-> 26 pkts/2046 bytes][Goodput ratio: 30/28][0.92 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/34 73/75 28/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 78/79 140/114 37/26][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 1883,8883][PLAIN TEXT (messageType)][Plen Bins: 48,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 27/COAP, Confidence: DPI][DPI packets: 1][cat: RPC/16][3 pkts/262 bytes <-> 3 pkts/205 bytes][Goodput ratio: 29/9][87.03 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 16604/16599 43490/43489 70376/70379 26886/26890][Pkt Len c2s/s2c min/avg/max/stddev: 85/66 87/68 92/73 3/3][PLAIN TEXT (storage)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 27/COAP, Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/147 bytes <-> 2 pkts/257 bytes][Goodput ratio: 16/52][1.15 sec][PLAIN TEXT (separate)][Plen Bins: 75,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 27/COAP, Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/158 bytes <-> 2 pkts/151 bytes][Goodput ratio: 21/18][8.41 sec][PLAIN TEXT (storage)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/custom_categories.pcapng.out b/tests/cfgs/default/result/custom_categories.pcapng.out
index 0da5f22b8..1a57c4fd1 100644
--- a/tests/cfgs/default/result/custom_categories.pcapng.out
+++ b/tests/cfgs/default/result/custom_categories.pcapng.out
@@ -27,6 +27,6 @@ SSH 84 14188 2
Safe 1 346 1
Acceptable 84 14188 2
- 1 TCP [2001:db8:1::1]:64720 <-> [2001:db8:200::1]:20868 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Malware/100][32 pkts/3639 bytes <-> 30 pkts/6335 bytes][Goodput ratio: 24/59][5.34 sec][Hostname/SNI: SSH-1.5-1.2.26][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 13/74 184/193 1212/1436 234/283][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 114/211 250/1294 47/257][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_8192_781448c930cc/Unknown][Server: SSH-1.5-1.2.26][Plen Bins: 69,6,0,0,11,2,0,0,2,0,0,0,0,0,2,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP [2001:db8:1::1]:64720 <-> [2001:db8:200::1]:20868 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Malware/100][32 pkts/3639 bytes <-> 30 pkts/6335 bytes][Goodput ratio: 24/59][5.34 sec][Hostname/SNI: SSH-1.5-1.2.26][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 13/74 184/193 1212/1436 234/283][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 114/211 250/1294 47/257][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 22][TCP Fingerprint: 2_64_8192_781448c930cc/Unknown][Server: SSH-1.5-1.2.26][Plen Bins: 69,6,0,0,11,2,0,0,2,0,0,0,0,0,2,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
2 TCP 172.26.219.44:58639 <-> 172.30.69.103:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Malware/100][11 pkts/2011 bytes <-> 11 pkts/2203 bytes][Goodput ratio: 63/67][0.11 sec][Hostname/SNI: SSH-1.99-OpenSSH_4.3][bytes ratio: -0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 39/41 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/200 1026/770 270/223][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **** Client Contacted A Malware Host **][Risk Score: 300][Risk Info: Client contacted malware host / Found cipher arcfour128 / Found cipher arcfour128][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][HASSH-C: D6593B3202A30B2AA9793A00F8647A0A][Server: SSH-2.0-OpenSSH_6.1][HASSH-S: 500033A73A293E7C36743693D0D4596B][Plen Bins: 31,15,15,0,15,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 ESP [2a01:e34:ef6f:4340:94be:5dac:c20a:d2a0]:0 -> [2001:1670:8:40a6:a08e:332b:aa69:18dc]:0 [VLAN: 121][proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 79/IPSec, Confidence: DPI][DPI packets: 1][cat: Malware/100][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Client Contacted A Malware Host **][Risk Score: 160][Risk Info: No server to client traffic / Client contacted malware host][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
index b3ab0dd82..2f2819e0a 100644
--- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
+++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
@@ -26,6 +26,6 @@ CustomProtocolC 3 222 1
Acceptable 8 592 3
- 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.445/TLS.CustomProtocolA][IP: 445/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.446/TLS.CustomProtocolA][IP: 446/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 446/CustomProtocolB][IP: 446/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 447/CustomProtocolB][IP: 447/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/dcerpc.pcap.out b/tests/cfgs/default/result/dcerpc.pcap.out
index b8bb72ada..7fabfa2c5 100644
--- a/tests/cfgs/default/result/dcerpc.pcap.out
+++ b/tests/cfgs/default/result/dcerpc.pcap.out
@@ -24,7 +24,7 @@ PROFINET_IO 16 6866 4
Acceptable 16 6866 4
- 1 UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 192.168.1.20:49162 -> 192.168.1.11:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 135][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 135][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 135][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.1.20:49162 -> 192.168.1.11:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 135][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/dlms.pcap.out b/tests/cfgs/default/result/dlms.pcap.out
index c07fc7463..f8229a3da 100644
--- a/tests/cfgs/default/result/dlms.pcap.out
+++ b/tests/cfgs/default/result/dlms.pcap.out
@@ -25,5 +25,5 @@ IEC62056 27 4247 2
Acceptable 27 4247 2
- 1 TCP 192.168.137.20:60797 <-> 192.168.137.189:4060 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][10 pkts/2942 bytes <-> 8 pkts/520 bytes][Goodput ratio: 77/6][0.03 sec][bytes ratio: 0.700 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 13/5 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 294/65 1514/98 458/14][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
+ 1 TCP 192.168.137.20:60797 <-> 192.168.137.189:4060 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][10 pkts/2942 bytes <-> 8 pkts/520 bytes][Goodput ratio: 77/6][0.03 sec][bytes ratio: 0.700 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 13/5 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 294/65 1514/98 458/14][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 4059][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
2 UDP 10.1.1.1:0 -> 10.2.2.2:4059 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 379/IEC62056, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][9 pkts/785 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 87/0 181/0 37/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (01234567)][Plen Bins: 55,22,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out b/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out
index 561e1e830..d3411ee5a 100644
--- a/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out
+++ b/tests/cfgs/default/result/dnscrypt-v2-doh.pcap.out
@@ -32,7 +32,7 @@ JA3 Host Stats:
1 TCP 10.0.0.1:50614 <-> 185.95.218.42:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][14 pkts/2180 bytes <-> 16 pkts/7623 bytes][Goodput ratio: 65/89][23.45 sec][Hostname/SNI: dns.digitale-gesellschaft.ch][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.555 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2124/13 16347/44 4911/18][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 156/476 352/2958 67/708][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 20,13,23,16,0,3,0,0,0,3,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
2 TCP 10.0.0.1:43888 <-> 95.216.229.153:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][10 pkts/1559 bytes <-> 8 pkts/6285 bytes][Goodput ratio: 65/93][30.16 sec][Hostname/SNI: fi.doh.dns.snopyta.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3770/16 30052/46 9934/20][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 156/786 346/2958 77/922][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 11,16,28,11,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5]
3 TCP 10.0.0.1:59026 <-> 85.5.93.230:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][11 pkts/1966 bytes <-> 12 pkts/5810 bytes][Goodput ratio: 70/89][30.26 sec][Hostname/SNI: ibksturm.synology.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.494 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/15 115/89 36/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/85 179/484 445/1506 113/487][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 21,4,17,13,0,4,0,0,0,13,0,4,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
- 4 TCP 10.0.0.1:52028 <-> 45.76.113.31:8443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1438 bytes <-> 11 pkts/6319 bytes][Goodput ratio: 66/91][30.97 sec][Hostname/SNI: doh.seby.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4379/3404 30317/30002 10590/9405][Pkt Len c2s/s2c min/avg/max/stddev: 78/93 160/574 335/1464 75/564][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 10,15,30,10,0,5,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,10,0,0,0]
+ 4 TCP 10.0.0.1:52028 <-> 45.76.113.31:8443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1438 bytes <-> 11 pkts/6319 bytes][Goodput ratio: 66/91][30.97 sec][Hostname/SNI: doh.seby.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4379/3404 30317/30002 10590/9405][Pkt Len c2s/s2c min/avg/max/stddev: 78/93 160/574 335/1464 75/564][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 10,15,30,10,0,5,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,10,0,0,0]
5 TCP 10.0.0.1:57058 <-> 46.227.200.54:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1445 bytes <-> 8 pkts/5948 bytes][Goodput ratio: 66/93][30.13 sec][Hostname/SNI: rdns.faelix.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.609 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4304/5014 30049/30000 10511/11174][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/744 339/2958 74/935][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 12,12,25,12,0,5,5,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5]
6 TCP 10.0.0.1:55322 <-> 185.134.196.55:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][10 pkts/1532 bytes <-> 7 pkts/5815 bytes][Goodput ratio: 65/93][16.35 sec][Hostname/SNI: rdns.faelix.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.583 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2039/3262 16237/16242 5366/6490][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 153/831 339/2958 74/969][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,5,25,12,0,5,5,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5]
7 TCP 10.0.0.1:38186 <-> 185.43.135.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][11 pkts/1728 bytes <-> 13 pkts/5220 bytes][Goodput ratio: 66/87][10.17 sec][Hostname/SNI: odvr.nic.cz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1263/1013 10000/10000 3302/2996][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 157/402 335/3057 70/784][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 03/Aug/2020 06:53:50 - 01/Nov/2020 06:53:50][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][ServerNames: odvr.nic.cz][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=odvr.nic.cz][Certificate SHA-1: 15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B][Firefox][Validity: 2020-08-03 06:53:50 - 2020-11-01 06:53:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 4,51,12,12,0,4,0,0,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4]
@@ -42,10 +42,10 @@ JA3 Host Stats:
11 TCP 10.0.0.1:46658 <-> 185.233.106.232:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][8 pkts/1437 bytes <-> 7 pkts/5154 bytes][Goodput ratio: 70/93][27.98 sec][Hostname/SNI: dns.dnshome.de][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4659/5583 27865/27889 10378/11153][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 180/736 389/2958 111/936][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 21,6,13,13,0,0,6,0,6,0,13,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
12 TCP 10.0.0.1:35714 <-> 209.250.241.25:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 3][cat: Network/14][9 pkts/1516 bytes <-> 9 pkts/5023 bytes][Goodput ratio: 68/90][6.97 sec][Hostname/SNI: jarjar.meganerd.nl][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 992/7 6894/26 2409/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 168/558 342/2102 74/700][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 14/Jul/2020 23:47:21 - 12/Oct/2020 23:47:21][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][ServerNames: jarjar.meganerd.nl][JA3S: 2464432ec440b95b36263230c3148d11][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=jarjar.meganerd.nl][Certificate SHA-1: 17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F][Firefox][Validity: 2020-07-14 23:47:21 - 2020-10-12 23:47:21][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 5,28,23,11,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5]
13 TCP 10.0.0.1:52386 <-> 51.15.124.208:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][10 pkts/1536 bytes <-> 8 pkts/4974 bytes][Goodput ratio: 65/91][16.18 sec][Hostname/SNI: dnsnl.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.528 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2022/11 16115/27 5327/12][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 154/622 342/2958 76/923][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 16,23,16,11,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
- 14 TCP 10.0.0.1:37530 <-> 167.114.220.125:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][10 pkts/1537 bytes <-> 10 pkts/4945 bytes][Goodput ratio: 65/89][17.40 sec][Hostname/SNI: dns1.dnscrypt.ca][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2161/2161 17071/17045 5636/5626][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 154/494 340/3154 76/905][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 15,30,20,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
+ 14 TCP 10.0.0.1:37530 <-> 167.114.220.125:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][10 pkts/1537 bytes <-> 10 pkts/4945 bytes][Goodput ratio: 65/89][17.40 sec][Hostname/SNI: dns1.dnscrypt.ca][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2161/2161 17071/17045 5636/5626][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 154/494 340/3154 76/905][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 15,30,20,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
15 TCP 10.0.0.1:59404 <-> 185.253.154.66:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][10 pkts/1536 bytes <-> 7 pkts/4898 bytes][Goodput ratio: 65/92][22.86 sec][Hostname/SNI: dnses.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2857/18 22768/44 7526/21][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 154/700 342/2958 76/962][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,25,18,11,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
16 TCP 10.0.0.1:43106 <-> 116.202.176.26:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][10 pkts/1546 bytes <-> 7 pkts/4884 bytes][Goodput ratio: 65/92][30.19 sec][Hostname/SNI: doh.libredns.gr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.519 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3774/34 30000/124 9913/46][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 155/698 339/3179 74/1019][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,11,24,11,0,5,0,0,18,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
- 17 TCP 10.0.0.1:36012 <-> 149.56.228.45:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1447 bytes <-> 10 pkts/4943 bytes][Goodput ratio: 66/89][16.62 sec][Hostname/SNI: dns2.dnscrypt.ca][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2358/2063 16281/16268 5684/5369][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 161/494 340/3152 76/904][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,26,21,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
+ 17 TCP 10.0.0.1:36012 <-> 149.56.228.45:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1447 bytes <-> 10 pkts/4943 bytes][Goodput ratio: 66/89][16.62 sec][Hostname/SNI: dns2.dnscrypt.ca][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2358/2063 16281/16268 5684/5369][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 161/494 340/3152 76/904][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,26,21,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
18 TCP 10.0.0.1:41720 <-> 116.203.179.248:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][10 pkts/1528 bytes <-> 12 pkts/4776 bytes][Goodput ratio: 65/86][15.70 sec][Hostname/SNI: rumpelsepp.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.515 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/6 25/23 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 153/398 338/1506 75/506][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 13,28,13,13,0,4,0,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
19 TCP 10.0.0.1:38018 <-> 45.153.187.96:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1448 bytes <-> 6 pkts/4822 bytes][Goodput ratio: 66/93][15.95 sec][Hostname/SNI: dnsse.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 2279/20 15848/48 5540/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/804 342/2958 77/1002][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,6,27,13,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
20 TCP 10.0.0.1:54164 <-> 193.70.85.11:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.196/TLS.DoH_DoT, Confidence: DPI][DPI packets: 2][cat: Network/14][9 pkts/1449 bytes <-> 8 pkts/4814 bytes][Goodput ratio: 66/91][30.10 sec][Hostname/SNI: doh.bortzmeyer.fr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4295/5006 30033/30001 10508/11178][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/602 341/2958 75/905][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA4: t13d1910h2_9dc949149365_97f8aa674fd9][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,11,25,11,0,5,11,0,5,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
diff --git a/tests/cfgs/default/result/false_positives.pcapng.out b/tests/cfgs/default/result/false_positives.pcapng.out
index df1ec11a9..f1a38cf6c 100644
--- a/tests/cfgs/default/result/false_positives.pcapng.out
+++ b/tests/cfgs/default/result/false_positives.pcapng.out
@@ -32,7 +32,7 @@ Unrated 6 460 1
1 UDP 10.192.92.81:52070 <-> 10.136.43.69:21048 [VLAN: 20][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][15 pkts/3330 bytes <-> 15 pkts/3330 bytes][Goodput ratio: 77/77][0.30 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/19 19/19 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 222/222 222/222 222/222 0/0][PLAIN TEXT (UUUUUUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.126.70.67:23784 <-> 10.236.7.225:50160 [VLAN: 107][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][18 pkts/3924 bytes <-> 12 pkts/2616 bytes][Goodput ratio: 79/79][0.34 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/19 20/20 20/20 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 218/218 218/218 218/218 0/0][PLAIN TEXT (UUUUUUUUU)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 10.102.45.249:31046 <-> 10.133.48.100:21176 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][22 pkts/2860 bytes <-> 8 pkts/989 bytes][Goodput ratio: 34/30][0.44 sec][bytes ratio: 0.486 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/19 22/19 44/20 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 130/113 130/124 130/130 0/8][Plen Bins: 10,90,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 10.133.32.101:36408 -> 10.110.31.25:1272 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][20 pkts/2260 bytes -> 0 pkts/0 bytes][Goodput ratio: 24/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 21/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 113/0 113/0 113/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 10.133.32.101:36408 -> 10.110.31.25:1272 [VLAN: 10][proto: GTP:87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][20 pkts/2260 bytes -> 0 pkts/0 bytes][Goodput ratio: 24/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 19/0 20/0 21/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 113/0 113/0 113/0 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.140.231.26:61202 <-> 159.65.12.169:443 [VLAN: 113][proto: GTP:7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][2 pkts/557 bytes <-> 2 pkts/416 bytes][Goodput ratio: 58/45][0.20 sec][Hostname/SNI: wludo.superkinglabs.com][URL: wludo.superkinglabs.com:443/ws][StatusCode: 101][Server: nginx/1.12.2][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 200][Risk Info: Empty or missing User-Agent / Expected on port 80 / Obsolete nginx server 1.12.2][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /ws HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/forticlient.pcap.out b/tests/cfgs/default/result/forticlient.pcap.out
index 94cccf775..1a8a21fcd 100644
--- a/tests/cfgs/default/result/forticlient.pcap.out
+++ b/tests/cfgs/default/result/forticlient.pcap.out
@@ -30,8 +30,8 @@ JA3 Host Stats:
1 192.168.1.178 2
- 1 TCP 192.168.1.178:61820 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][1150 pkts/146555 bytes <-> 751 pkts/256436 bytes][Goodput ratio: 48/81][13.06 sec][Hostname/SNI: 82.81.46.13][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/19 5218/5218 173/225][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/341 1477/1506 88/427][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Malicious Fingerpint **][Risk Score: 110][Risk Info: 40adfd923eb82b89d8836ba37a19bca1 / No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 40adfd923eb82b89d8836ba37a19bca1][JA4: t13i311000_e8f1e7e78f70_5ac7197df9d2][JA3S: e35df3e00ca4ef31d42b34bebaa2f86e][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,19,33,15,17,6,0,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 192.168.1.178:61812 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][15 pkts/1753 bytes <-> 14 pkts/7481 bytes][Goodput ratio: 43/87][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/81 336/340 94/113][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/534 450/1506 104/626][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,8,0,0,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,25,0,0]
- 3 TCP 192.168.1.178:61806 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][14 pkts/1462 bytes <-> 11 pkts/6959 bytes][Goodput ratio: 36/89][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.653 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93/89 336/401 92/145][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/633 269/1506 66/634][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 9,18,0,9,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0]
- 4 TCP 192.168.1.178:61811 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][13 pkts/1582 bytes <-> 11 pkts/3875 bytes][Goodput ratio: 45/81][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.420 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/102 203/231 56/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 122/352 269/1506 77/487][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 10,20,0,10,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
- 5 TCP 192.168.1.178:61805 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][12 pkts/1297 bytes <-> 9 pkts/3531 bytes][Goodput ratio: 38/83][1.11 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.463 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/123 332/395 92/157][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/392 237/1506 64/508][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,22,0,11,0,22,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
+ 1 TCP 192.168.1.178:61820 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][1150 pkts/146555 bytes <-> 751 pkts/256436 bytes][Goodput ratio: 48/81][13.06 sec][Hostname/SNI: 82.81.46.13][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/19 5218/5218 173/225][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/341 1477/1506 88/427][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Malicious Fingerpint **][Risk Score: 110][Risk Info: 40adfd923eb82b89d8836ba37a19bca1 / No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 40adfd923eb82b89d8836ba37a19bca1][JA4: t13i311000_e8f1e7e78f70_5ac7197df9d2][JA3S: e35df3e00ca4ef31d42b34bebaa2f86e][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,19,33,15,17,6,0,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.1.178:61812 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][15 pkts/1753 bytes <-> 14 pkts/7481 bytes][Goodput ratio: 43/87][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/81 336/340 94/113][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/534 450/1506 104/626][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,8,0,0,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,25,0,0]
+ 3 TCP 192.168.1.178:61806 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][14 pkts/1462 bytes <-> 11 pkts/6959 bytes][Goodput ratio: 36/89][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.653 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93/89 336/401 92/145][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/633 269/1506 66/634][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 9,18,0,9,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0]
+ 4 TCP 192.168.1.178:61811 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][13 pkts/1582 bytes <-> 11 pkts/3875 bytes][Goodput ratio: 45/81][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.420 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/102 203/231 56/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 122/352 269/1506 77/487][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 10,20,0,10,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
+ 5 TCP 192.168.1.178:61805 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][12 pkts/1297 bytes <-> 9 pkts/3531 bytes][Goodput ratio: 38/83][1.11 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.463 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/123 332/395 92/157][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/392 237/1506 64/508][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,22,0,11,0,22,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
index 6af247122..2bd584769 100644
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@@ -64,7 +64,7 @@ Unrated 33 4066 33
21 UDP 192.86.1.2:5060 -> 200.68.120.99:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.584 (Executable?)][PLAIN TEXT (CANCEL qip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][SIP To: ][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
23 UDP 192.169.1.2:5060 -> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 24 UDP 192.168.1.2:4901 -> 200.68.120.81:29440 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 24 UDP 192.168.1.2:4901 -> 200.68.120.81:29440 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][SIP From: "arik" ;tag=6433ef9][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 5060,5061][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 UDP 192.168.1.2:5060 -> 212.242.33.201:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/366 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][SIP From: "arik" 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][3 pkts/228 bytes <-> 1 pkts/128 bytes][Goodput ratio: 45/67][4.36 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][PLAIN TEXT (cybercity)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
27 UDP 192.168.1.2:2830 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 4][cat: Network/14][3 pkts/228 bytes <-> 1 pkts/128 bytes][Goodput ratio: 45/67][4.37 sec][Hostname/SNI: sip.cybercity.dk][212.242.33.35][PLAIN TEXT (cybercity)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out
index 4d2b55a36..70e17e96f 100644
--- a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out
@@ -59,7 +59,7 @@ Unrated 3 655 3
26 TCP 172.20.3.5:2603 -> 172.20.3.77:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
27 TCP 0.20.3.13:80 -> 172.20.3.5:2601 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
28 TCP 172.20.3.13:80 -> 172.20.3.5:2639 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 29 TCP 172.20.3.13:80 -> 172.20.68.5:2604 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 29 TCP 172.20.3.13:80 -> 172.20.68.5:2604 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No client to server traffic / Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 TCP 172.20.3.13:80 -> 172.20.76.5:65069 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
31 TCP 172.20.3.13:80 -> 172.20.82.5:2603 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 TCP 172.20.3.13:80 -> 172.20.148.5:2608 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/gaijin_warthunder.pcap.out b/tests/cfgs/default/result/gaijin_warthunder.pcap.out
index 4650466e2..36ff81aff 100644
--- a/tests/cfgs/default/result/gaijin_warthunder.pcap.out
+++ b/tests/cfgs/default/result/gaijin_warthunder.pcap.out
@@ -25,4 +25,4 @@ GaijinEntertainment 10 1373 2
Fun 10 1373 2
1 UDP 192.168.88.231:37333 -> 95.211.246.178:20011 [proto: 396/GaijinEntertainment][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 396/GaijinEntertainment, Confidence: DPI][DPI packets: 1][cat: Game/8][5 pkts/908 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (app.start)][Plen Bins: 0,0,0,20,60,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.88.231:36929 <-> 185.253.20.249:20021 [proto: 396/GaijinEntertainment][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 396/GaijinEntertainment, Confidence: DPI][DPI packets: 1][cat: Game/8][3 pkts/315 bytes <-> 2 pkts/150 bytes][Goodput ratio: 60/38][0.05 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (Steve Hurley)][Plen Bins: 40,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.88.231:36929 <-> 185.253.20.249:20021 [proto: 396/GaijinEntertainment][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 396/GaijinEntertainment, Confidence: DPI][DPI packets: 1][cat: Game/8][3 pkts/315 bytes <-> 2 pkts/150 bytes][Goodput ratio: 60/38][0.05 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 20011][PLAIN TEXT (Steve Hurley)][Plen Bins: 40,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/geforcenow.pcapng.out b/tests/cfgs/default/result/geforcenow.pcapng.out
index 880d212b1..f62ebb468 100644
--- a/tests/cfgs/default/result/geforcenow.pcapng.out
+++ b/tests/cfgs/default/result/geforcenow.pcapng.out
@@ -30,5 +30,5 @@ JA3 Host Stats:
1 192.168.1.245 2
- 1 TCP 192.168.1.245:57490 <-> 80.84.167.206:49100 [proto: 91.341/TLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][FPC: 342/Nvidia, Confidence: IP address][DPI packets: 7][cat: Game/8][27 pkts/8759 bytes <-> 27 pkts/39892 bytes][Goodput ratio: 80/96][1.34 sec][Hostname/SNI: 80-84-167-206.cloudmatchbeta.nvidiagrid.net][(Advertised) ALPNs: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.640 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/12 946/84 200/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/1477 2962/2962 631/1355][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 021c7413ddeb0d58973451b0e3b19eca][JA4: t13d1516ht_8daaf6152771_e5627efa2ab1][ServerNames: prod.cloudmatchbeta.nvidiagrid.net,*.cloudmatchbeta.nvidiagrid.net][JA3S: 098e26e2609212ac1bfac552fbe04127][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, CN=prod.cloudmatchbeta.nvidiagrid.net][Certificate SHA-1: 8C:24:BC:2B:01:63:B9:AC:83:90:F3:A9:F9:EA:72:5E:F4:47:A2:77][Chrome][Validity: 2022-08-09 00:00:00 - 2023-08-09 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,23,2,0,0,5,0,0,14,0,2,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,42]
+ 1 TCP 192.168.1.245:57490 <-> 80.84.167.206:49100 [proto: 91.341/TLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][FPC: 342/Nvidia, Confidence: IP address][DPI packets: 7][cat: Game/8][27 pkts/8759 bytes <-> 27 pkts/39892 bytes][Goodput ratio: 80/96][1.34 sec][Hostname/SNI: 80-84-167-206.cloudmatchbeta.nvidiagrid.net][(Advertised) ALPNs: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.640 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/12 946/84 200/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/1477 2962/2962 631/1355][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 021c7413ddeb0d58973451b0e3b19eca][JA4: t13d1516ht_8daaf6152771_e5627efa2ab1][ServerNames: prod.cloudmatchbeta.nvidiagrid.net,*.cloudmatchbeta.nvidiagrid.net][JA3S: 098e26e2609212ac1bfac552fbe04127][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, CN=prod.cloudmatchbeta.nvidiagrid.net][Certificate SHA-1: 8C:24:BC:2B:01:63:B9:AC:83:90:F3:A9:F9:EA:72:5E:F4:47:A2:77][Chrome][Validity: 2022-08-09 00:00:00 - 2023-08-09 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,23,2,0,0,5,0,0,14,0,2,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,42]
2 UDP 192.168.1.245:52441 <-> 80.84.167.206:18452 [proto: 30.341/DTLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 17][cat: Game/8][21 pkts/3455 bytes <-> 33 pkts/16894 bytes][Goodput ratio: 74/92][1.03 sec][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/30 360/689 91/130][Pkt Len c2s/s2c min/avg/max/stddev: 87/67 165/512 582/1222 101/514][Mapped IP/Port: 10.0.20.8:51651][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 730 days][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: a9e0318114bb46bdbeef6d54e42c915f][Issuer: CN=NVIDIA GameStream][Subject: CN=NVIDIA GameStream][Certificate SHA-1: D1:FC:74:AD:A0:6F:11:C1:F4:4D:F9:4C:2B:25:88:A6:2B:6E:65:1E][Validity: 2022-05-21 12:24:31 - 2024-05-20 12:24:31][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (BffATDg/Gz0)][Plen Bins: 1,17,33,9,12,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/genshin-impact.pcap.out b/tests/cfgs/default/result/genshin-impact.pcap.out
index 4866365d1..2cb9b7569 100644
--- a/tests/cfgs/default/result/genshin-impact.pcap.out
+++ b/tests/cfgs/default/result/genshin-impact.pcap.out
@@ -25,8 +25,8 @@ GenshinImpact 90 18405 6
Fun 90 18405 6
- 1 UDP 192.168.2.100:58766 <-> 47.245.143.85:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 257/GenshinImpact, Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1369 bytes <-> 8 pkts/3568 bytes][Goodput ratio: 78/91][1.63 sec][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 312/266 818/750 343/309][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 196/446 648/1223 192/449][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,13,0,6,13,20,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.2.100:52575 <-> 8.209.69.191:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 257/GenshinImpact, Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1975 bytes <-> 8 pkts/1300 bytes][Goodput ratio: 85/74][2.27 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 409/181 1044/710 455/239][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 282/162 648/396 240/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,26,0,6,0,20,6,0,0,0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.2.100:58766 <-> 47.245.143.85:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 257/GenshinImpact, Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1369 bytes <-> 8 pkts/3568 bytes][Goodput ratio: 78/91][1.63 sec][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 312/266 818/750 343/309][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 196/446 648/1223 192/449][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 22102][Plen Bins: 20,13,0,6,13,20,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.2.100:52575 <-> 8.209.69.191:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 257/GenshinImpact, Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1975 bytes <-> 8 pkts/1300 bytes][Goodput ratio: 85/74][2.27 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 409/181 1044/710 455/239][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 282/162 648/396 240/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 22102][Plen Bins: 20,26,0,6,0,20,6,0,0,0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.2.100:39686 <-> 49.51.181.168:80 [proto: 257/GenshinImpact][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 4][cat: Game/8][9 pkts/2327 bytes <-> 6 pkts/535 bytes][Goodput ratio: 78/35][0.71 sec][bytes ratio: 0.626 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/88 176/176 86/87][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 259/89 1468/138 434/29][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (194946781)][Plen Bins: 0,50,25,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
4 TCP 192.168.2.100:39822 <-> 49.51.190.178:80 [proto: 257/GenshinImpact][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 4][cat: Game/8][9 pkts/2294 bytes <-> 6 pkts/535 bytes][Goodput ratio: 78/35][0.69 sec][bytes ratio: 0.622 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/85 171/170 84/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 255/89 1468/138 435/29][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (194946781)][Plen Bins: 12,51,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
5 UDP 192.168.2.100:59145 <-> 47.254.169.109:22102 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 257/GenshinImpact, Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1383 bytes <-> 7 pkts/1237 bytes][Goodput ratio: 76/76][1.75 sec][bytes ratio: 0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/30 285/342 829/800 363/311][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 173/177 650/340 185/88][Plen Bins: 34,13,0,13,13,13,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out
index b05b23b9b..736c762db 100644
--- a/tests/cfgs/default/result/gnutella.pcap.out
+++ b/tests/cfgs/default/result/gnutella.pcap.out
@@ -60,10 +60,10 @@ JA3 Host Stats:
4 TCP 10.0.2.15:50300 <-> 188.61.52.183:11852 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Download/7][66 pkts/6593 bytes <-> 69 pkts/10484 bytes][Goodput ratio: 46/64][502.91 sec][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 8559/7533 32308/32351 8859/8516][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/152 653/1514 91/201][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 1,43,9,6,26,4,0,1,1,0,1,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
5 UDP [fe80::c50d:519f:96a4:e108]:63958 -> [ff02::c]:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 153/WSD, Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/15504 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][586.41 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/0 48849/0 583774/0 161286/0][Pkt Len c2s/s2c min/avg/max/stddev: 834/0 1107/0 1153/0 112/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,85,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 10.0.2.15:63957 -> 239.255.255.250:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 153/WSD, Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/14194 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][586.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/0 53286/0 583775/0 167755/0][Pkt Len c2s/s2c min/avg/max/stddev: 814/0 1092/0 1115/0 80/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,92,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][URL: 69.118.162.229:46906/gnutella/thex/v1?urn:tree:tiger/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1][StatusCode: 200][Content-Type: application/dime][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **][Risk Score: 80][Risk Info: Found host 69.118.162.229 / Entropy: 5.691 (Executable?)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0]
+ 7 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][URL: 69.118.162.229:46906/gnutella/thex/v1?urn:tree:tiger/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1][StatusCode: 200][Content-Type: application/dime][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **][Risk Score: 80][Risk Info: Found host 69.118.162.229 / Expected on port 80 / Entropy: 5.691 (Executable?)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0]
8 TCP 10.0.2.15:50248 <-> 109.214.154.216:6346 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Download/7][45 pkts/3196 bytes <-> 54 pkts/8256 bytes][Goodput ratio: 24/65][522.53 sec][bytes ratio: -0.442 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/1 12254/10032 54436/54424 15860/15019][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/153 358/1078 50/183][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 56,1,12,5,3,1,1,7,3,1,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 10.0.2.15:50249 <-> 86.208.180.181:45883 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Download/7][43 pkts/3087 bytes <-> 47 pkts/7704 bytes][Goodput ratio: 24/67][522.17 sec][bytes ratio: -0.428 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 11973/13240 47909/55396 14672/15777][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/164 357/1119 51/213][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 57,0,4,6,4,4,4,2,6,2,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][5 pkts/815 bytes <-> 7 pkts/5620 bytes][Goodput ratio: 65/93][1.25 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 416/228 1138/1123 513/447][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/803 587/1514 212/666][URL: 69.118.162.229:46906/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary File/Data Transfer (Attempt) **][Risk Score: 130][Risk Info: Found host 69.118.162.229 / Entropy: 5.630 (Executable?) / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
+ 10 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][5 pkts/815 bytes <-> 7 pkts/5620 bytes][Goodput ratio: 65/93][1.25 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 416/228 1138/1123 513/447][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/803 587/1514 212/666][URL: 69.118.162.229:46906/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary File/Data Transfer (Attempt) **][Risk Score: 130][Risk Info: Found host 69.118.162.229 / Expected on port 80 / Entropy: 5.630 (Executable?) / File download Nickelback%20-%20Hero%20(Spider][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
11 UDP 10.0.2.15:28681 <-> 80.61.221.246:30577 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5195 bytes][Goodput ratio: 68/93][197.38 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 39/35 26439/26440 107210/107216 34356/34358][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 132/577 274/769 53/274][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,33,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 UDP 10.0.2.15:28681 <-> 193.37.255.130:61616 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5176 bytes][Goodput ratio: 68/93][197.67 sec][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 127/126 26488/26488 107228/107229 34539/34539][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 132/575 274/769 53/277][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,39,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 UDP 10.0.2.15:28681 <-> 103.232.107.100:43508 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1157 bytes <-> 8 pkts/4890 bytes][Goodput ratio: 67/93][230.22 sec][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 4875/4875 31136/30836 107031/107033 32420/35010][Pkt Len c2s/s2c min/avg/max/stddev: 70/128 129/611 274/769 56/273][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 11,0,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -80,11 +80,11 @@ JA3 Host Stats:
24 UDP 10.0.2.15:28681 <-> 89.75.52.19:46010 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3639 bytes][Goodput ratio: 69/92][197.35 sec][bytes ratio: -0.590 (Download)][IAT c2s/s2c min/avg/max/stddev: 98/59 16969/16961 46205/46196 16968/16973][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 134/520 274/769 60/291][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 7,7,35,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 UDP 10.0.2.15:28681 <-> 203.220.198.244:1194 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3509 bytes][Goodput ratio: 69/92][197.83 sec][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 313/315 17988/17988 51261/51260 18094/18093][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 134/501 274/769 60/309][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 7,7,35,14,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 UDP 10.0.2.15:28681 <-> 46.128.114.107:6578 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][7 pkts/939 bytes <-> 7 pkts/3501 bytes][Goodput ratio: 69/92][197.45 sec][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 60/40 16942/16932 46247/46248 16994/16998][Pkt Len c2s/s2c min/avg/max/stddev: 70/128 134/500 274/769 60/311][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 7,7,35,14,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 27 TCP 10.0.2.15:50314 <-> 80.7.252.192:6888 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1582 bytes <-> 11 pkts/2813 bytes][Goodput ratio: 65/79][0.20 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 69/69 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 158/256 663/1514 187/429][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 360][Risk Info: No ALPN / SNI should always be present / TLS Cert lasts 5870 days / 05/Dec/2021 22:34:00 - 31/Dec/2037 23:00:00 / CN=gtk-gnute][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA3C: 6992dc627532d4fbccd43fb03d3bdeb4][JA4: t12d700800_738c12401e81_7448b1316cd7][JA3S: 1249fb68f48c0444718e4d3b48b27188][Issuer: CN=gtk-gnutella/1.2.1][Subject: CN=gtk-gnutella/1.2.1][Certificate SHA-1: E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93][Firefox][Validity: 2021-12-05 22:34:00 - 2037-12-31 23:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,12,12,0,0,0,12,0,0,0,0,0,0,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
+ 27 TCP 10.0.2.15:50314 <-> 80.7.252.192:6888 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1582 bytes <-> 11 pkts/2813 bytes][Goodput ratio: 65/79][0.20 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 69/69 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 158/256 663/1514 187/429][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert Validity Too Long **][Risk Score: 360][Risk Info: No ALPN / SNI should always be present / Expected on port 443 / TLS Cert lasts 5870 days / 05/Dec/2021 22:34:00 - 31/Dec/2037 ][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA3C: 6992dc627532d4fbccd43fb03d3bdeb4][JA4: t12d700800_738c12401e81_7448b1316cd7][JA3S: 1249fb68f48c0444718e4d3b48b27188][Issuer: CN=gtk-gnutella/1.2.1][Subject: CN=gtk-gnutella/1.2.1][Certificate SHA-1: E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93][Firefox][Validity: 2021-12-05 22:34:00 - 2037-12-31 23:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,12,12,0,0,0,12,0,0,0,0,0,0,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
28 UDP 10.0.2.15:28681 <-> 45.31.152.112:26851 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][186.46 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 7100/7142 19000/19000 44374/44331 14989/14962][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 UDP 10.0.2.15:28681 <-> 96.65.68.194:35481 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][197.61 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 5017/5014 21044/21044 46304/46310 15712/15715][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 UDP 10.0.2.15:28681 <-> 181.84.178.16:60262 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/766 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 72/93][84.70 sec][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 5114/5194 21079/21064 46304/46263 15704/15629][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 153/645 274/769 60/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 0,0,40,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][4 pkts/766 bytes <-> 5 pkts/2826 bytes][Goodput ratio: 70/90][1.41 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 470/304 1214/1208 532/522][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 192/565 592/1514 231/558][URL: 189.147.72.83:26108/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary File/Data Transfer (Attempt) **][Risk Score: 130][Risk Info: Found host 189.147.72.83 / Entropy: 5.619 (Executable?) / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
+ 31 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][4 pkts/766 bytes <-> 5 pkts/2826 bytes][Goodput ratio: 70/90][1.41 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 470/304 1214/1208 532/522][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 192/565 592/1514 231/558][URL: 189.147.72.83:26108/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary File/Data Transfer (Attempt) **][Risk Score: 130][Risk Info: Found host 189.147.72.83 / Expected on port 80 / Entropy: 5.619 (Executable?) / File download Nickelback%20-%20Hero%20(Spiderm][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
32 UDP 10.0.2.15:28681 <-> 80.7.252.192:6888 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/844 bytes <-> 5 pkts/2741 bytes][Goodput ratio: 70/92][170.75 sec][bytes ratio: -0.529 (Download)][IAT c2s/s2c min/avg/max/stddev: 1605/1482 42670/42669 111028/111025 42886/42893][Pkt Len c2s/s2c min/avg/max/stddev: 98/148 141/548 274/769 61/274][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 0,18,27,9,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 UDP 10.0.2.15:28681 <-> 94.54.66.82:63637 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/537 bytes <-> 5 pkts/2722 bytes][Goodput ratio: 61/92][192.07 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 168/360 47931/46734 147616/141167 58240/55279][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 107/544 123/769 21/279][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 10,10,40,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 UDP 10.0.2.15:28681 <-> 96.236.205.7:34794 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/537 bytes <-> 5 pkts/2721 bytes][Goodput ratio: 61/92][191.79 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 123/120 47920/47919 147559/147561 58219/58220][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 107/544 123/769 21/280][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 10,10,40,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -436,12 +436,12 @@ Undetected flows:
6 UDP 10.0.2.15:28681 <-> 188.61.52.183:11852 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/272 bytes <-> 3 pkts/981 bytes][Goodput ratio: 53/87][83.48 sec][bytes ratio: -0.566 (Download)][IAT c2s/s2c min/avg/max/stddev: 5559/5719 41729/41731 77899/77743 36170/36012][Pkt Len c2s/s2c min/avg/max/stddev: 70/82 91/327 128/769 26/313][PLAIN TEXT (CEGTKGW)][Plen Bins: 16,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 10.0.2.15:28681 <-> 14.200.255.229:37058 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][6 pkts/451 bytes <-> 6 pkts/641 bytes][Goodput ratio: 44/61][433.20 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6450/6454 93822/93822 203345/203341 72163/72161][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 75/107 98/120 10/14][PLAIN TEXT (LOCCen)][Plen Bins: 41,33,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 10.0.2.15:28681 -> 75.133.101.93:52367 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][8 pkts/847 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][90.43 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12919/0 46195/0 15764/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 106/0 128/0 21/0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.287 (Executable?)][Plen Bins: 12,37,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 TCP 10.0.2.15:50245 <-> 73.62.225.181:46843 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][3 pkts/198 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][122.56 sec][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 3014/0 4514/0 6013/0 1499/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 TCP 10.0.2.15:50245 <-> 73.62.225.181:46843 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][3 pkts/198 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][122.56 sec][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 3014/0 4514/0 6013/0 1499/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 10.0.2.15:28681 <-> 84.71.243.60:34498 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/239 bytes <-> 3 pkts/312 bytes][Goodput ratio: 47/59][121.86 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 14626/14492 60905/60859 107184/107226 46279/46367][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 80/104 98/119 13/13][PLAIN TEXT (pinkfloyd)][Plen Bins: 33,50,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 TCP 10.0.2.15:50190 <-> 80.140.63.147:29545 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 TCP 10.0.2.15:50191 <-> 207.38.163.228:6778 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 13 TCP 10.0.2.15:50192 <-> 45.65.87.24:16201 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 TCP 10.0.2.15:50193 <-> 89.75.52.19:46010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 TCP 10.0.2.15:50190 <-> 80.140.63.147:29545 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 TCP 10.0.2.15:50191 <-> 207.38.163.228:6778 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 13 TCP 10.0.2.15:50192 <-> 45.65.87.24:16201 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 TCP 10.0.2.15:50193 <-> 89.75.52.19:46010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 UDP 10.0.2.15:28681 <-> 97.83.183.148:8890 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/238 bytes <-> 3 pkts/281 bytes][Goodput ratio: 47/55][203.46 sec][bytes ratio: -0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 170/196 101636/101645 203102/203094 101466/101449][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 79/94 98/105 13/8][PLAIN TEXT (pinkfloyd)][Plen Bins: 33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 UDP 10.0.2.15:28681 <-> 45.65.87.24:16201 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/238 bytes <-> 3 pkts/276 bytes][Goodput ratio: 47/54][203.28 sec][bytes ratio: -0.074 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 42/41 101580/101617 203119/203193 101538/101576][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 79/92 98/100 13/6][PLAIN TEXT (pinkfloyd)][Plen Bins: 33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 UDP 10.0.2.15:28681 <-> 86.153.21.93:36696 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/238 bytes <-> 3 pkts/276 bytes][Goodput ratio: 47/54][203.27 sec][bytes ratio: -0.074 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/100 101618/101569 203102/203038 101484/101469][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 79/92 98/100 13/6][PLAIN TEXT (pinkfloyd)][Plen Bins: 33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -457,12 +457,12 @@ Undetected flows:
27 UDP 10.0.2.15:28681 <-> 77.58.211.52:3806 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][2 pkts/168 bytes <-> 2 pkts/193 bytes][Goodput ratio: 50/56][43.98 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
28 UDP 10.0.2.15:28681 <-> 101.128.66.8:34512 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][2 pkts/168 bytes <-> 2 pkts/193 bytes][Goodput ratio: 50/56][35.76 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 TCP 10.0.2.15:50202 <-> 61.238.173.128:57648 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.55 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 686/0 686/0 686/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 30 TCP 10.0.2.15:50220 <-> 36.233.196.226:3820 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.38 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 953/0 1015/0 1077/0 62/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 10.0.2.15:50222 <-> 119.14.143.237:6523 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.12 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 875/0 881/0 887/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 32 TCP 10.0.2.15:50228 <-> 111.241.31.96:14384 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.94 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 811/0 818/0 826/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 33 TCP 10.0.2.15:50256 <-> 36.233.201.161:2886 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.94 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 808/0 819/0 830/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 34 TCP 10.0.2.15:50266 <-> 219.70.175.103:4315 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.14 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 873/0 889/0 905/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 35 TCP 10.0.2.15:50283 <-> 51.68.153.214:35004 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.13 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 544/0 546/0 547/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 30 TCP 10.0.2.15:50220 <-> 36.233.196.226:3820 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.38 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 953/0 1015/0 1077/0 62/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 31 TCP 10.0.2.15:50222 <-> 119.14.143.237:6523 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.12 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 875/0 881/0 887/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 32 TCP 10.0.2.15:50228 <-> 111.241.31.96:14384 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.94 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 811/0 818/0 826/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 33 TCP 10.0.2.15:50256 <-> 36.233.201.161:2886 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.94 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 808/0 819/0 830/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 34 TCP 10.0.2.15:50266 <-> 219.70.175.103:4315 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.14 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 873/0 889/0 905/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 35 TCP 10.0.2.15:50283 <-> 51.68.153.214:35004 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.13 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 544/0 546/0 547/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
36 UDP 10.0.2.15:28681 <-> 27.94.154.53:6346 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][2 pkts/168 bytes <-> 2 pkts/188 bytes][Goodput ratio: 50/55][0.41 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
37 UDP 10.0.2.15:28681 <-> 73.89.249.8:50649 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][2 pkts/168 bytes <-> 2 pkts/188 bytes][Goodput ratio: 50/55][7.44 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
38 UDP 10.0.2.15:28681 <-> 75.64.6.175:4743 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][2 pkts/168 bytes <-> 2 pkts/188 bytes][Goodput ratio: 50/55][44.39 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/google_chat.pcapng.out b/tests/cfgs/default/result/google_chat.pcapng.out
index 96d0baf35..9bd3131e7 100644
--- a/tests/cfgs/default/result/google_chat.pcapng.out
+++ b/tests/cfgs/default/result/google_chat.pcapng.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 192.168.88.231 1
- 1 TCP 192.168.88.231:46172 <-> 142.251.1.100:443 [proto: 91.382/TLS.GoogleChat][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Chat/9][3 pkts/869 bytes <-> 3 pkts/3006 bytes][Goodput ratio: 76/93][0.04 sec][Hostname/SNI: chat.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 20/20 10/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290/1002 729/2866 311/1318][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
+ 1 TCP 192.168.88.231:46172 <-> 142.251.1.100:443 [proto: 91.382/TLS.GoogleChat][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Chat/9][3 pkts/869 bytes <-> 3 pkts/3006 bytes][Goodput ratio: 76/93][0.04 sec][Hostname/SNI: chat.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 20/20 10/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290/1002 729/2866 311/1318][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
diff --git a/tests/cfgs/default/result/google_meet.pcapng.out b/tests/cfgs/default/result/google_meet.pcapng.out
index b6a94206c..cc30e303c 100644
--- a/tests/cfgs/default/result/google_meet.pcapng.out
+++ b/tests/cfgs/default/result/google_meet.pcapng.out
@@ -31,4 +31,4 @@ JA3 Host Stats:
1 UDP 192.168.88.231:59369 <-> 173.194.73.101:443 [proto: 188.201/QUIC.GoogleMeet][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.201/QUIC.GoogleMeet, Confidence: DPI][DPI packets: 1][cat: Chat/9][2 pkts/1373 bytes <-> 4 pkts/5168 bytes][Goodput ratio: 94/97][0.04 sec][Hostname/SNI: meet.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 18/17 18/6 18/17 0/8][Pkt Len c2s/s2c min/avg/max/stddev: 81/1292 686/1292 1292/1292 606/0][TLSv1.3][QUIC ver: V-1][JA3C: 86ba0adabbe377daf6b620f07b59b45c][JA4: q13d0311h0_55b375c5d22e_5a1f323ef56d][ECH: version 0xfe0d][PLAIN TEXT (w.ZLst)][Plen Bins: 0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0,0,0,0]
- 2 TCP 192.168.88.231:43268 <-> 173.194.73.101:443 [proto: 91.201/TLS.GoogleMeet][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Chat/9][3 pkts/741 bytes <-> 3 pkts/1606 bytes][Goodput ratio: 72/87][0.03 sec][Hostname/SNI: meet.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.369 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/8 16/16 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/535 601/1466 250/658][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][TLSv1.3][JA3C: f97d8fcbd3d1517f7bf0d2c536a503a1][JA4: t13d1516h2_8daaf6152771_02713d6af862][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0]
+ 2 TCP 192.168.88.231:43268 <-> 173.194.73.101:443 [proto: 91.201/TLS.GoogleMeet][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Chat/9][3 pkts/741 bytes <-> 3 pkts/1606 bytes][Goodput ratio: 72/87][0.03 sec][Hostname/SNI: meet.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.369 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/8 16/16 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/535 601/1466 250/658][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.3][JA3C: f97d8fcbd3d1517f7bf0d2c536a503a1][JA4: t13d1516h2_8daaf6152771_02713d6af862][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0]
diff --git a/tests/cfgs/default/result/gtp_prime.pcapng.out b/tests/cfgs/default/result/gtp_prime.pcapng.out
index 621efb7ca..a1d273645 100644
--- a/tests/cfgs/default/result/gtp_prime.pcapng.out
+++ b/tests/cfgs/default/result/gtp_prime.pcapng.out
@@ -24,4 +24,4 @@ GTP_PRIME 1 300 1
Acceptable 1 300 1
- 1 UDP 10.10.54.1:64580 -> 10.10.39.10:3386 [VLAN: 103][proto: 152.273/GTP.GTP_PRIME][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 152.273/GTP.GTP_PRIME, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (NODE01)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 10.10.54.1:64580 -> 10.10.39.10:3386 [VLAN: 103][proto: 152.273/GTP.GTP_PRIME][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 152.273/GTP.GTP_PRIME, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/300 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 2152,2123][PLAIN TEXT (NODE01)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out
index 8087354b9..284394dd2 100644
--- a/tests/cfgs/default/result/h323.pcap.out
+++ b/tests/cfgs/default/result/h323.pcap.out
@@ -28,6 +28,6 @@ Acceptable 75 7998 6
1 TCP 10.1.3.143:32803 <-> 10.1.6.18:1720 [proto: 158/H323][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][11 pkts/934 bytes <-> 10 pkts/1018 bytes][Goodput ratio: 34/44][1.05 sec][bytes ratio: -0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 103/149 627/627 206/209][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/102 214/151 61/35][TCP Fingerprint: 2_64_5840_615eac77f548/Unknown][PLAIN TEXT (m.jemec)][Plen Bins: 0,0,50,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.47.208.204:1719 <-> 10.47.208.50:1719 [proto: 158/H323][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 158/H323, Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/1137 bytes <-> 2 pkts/592 bytes][Goodput ratio: 89/86][60.24 sec][PLAIN TEXT (Tandberg)][Plen Bins: 0,0,0,0,0,0,0,40,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 17.2.0.124:2034 <-> 17.2.0.161:1719 [proto: 158/H323][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 158/H323, Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/665 bytes <-> 7 pkts/853 bytes][Goodput ratio: 81/65][80.21 sec][bytes ratio: -0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 247/336 288/13362 330/70142 42/25418][Pkt Len c2s/s2c min/avg/max/stddev: 80/67 222/122 411/176 139/48][PLAIN TEXT (@333333330)][Plen Bins: 20,20,10,10,30,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 10.1.3.143:32804 <-> 10.1.6.18:1232 [proto: 158/H323][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VoIP/10][13 pkts/849 bytes <-> 9 pkts/612 bytes][Goodput ratio: 15/17][0.56 sec][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/4 39/71 173/173 49/56][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/68 103/85 15/10][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_5840_615eac77f548/Unknown][Plen Bins: 90,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 10.1.3.143:32804 <-> 10.1.6.18:1232 [proto: 158/H323][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VoIP/10][13 pkts/849 bytes <-> 9 pkts/612 bytes][Goodput ratio: 15/17][0.56 sec][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/4 39/71 173/173 49/56][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/68 103/85 15/10][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1719,1720][TCP Fingerprint: 2_64_5840_615eac77f548/Unknown][Plen Bins: 90,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.0.208:56837 <-> 192.168.0.1:1720 [proto: 158/H323][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VoIP/10][9 pkts/660 bytes <-> 6 pkts/371 bytes][Goodput ratio: 20/12][44.95 sec][bytes ratio: 0.280 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4279/7498 14994/14994 6708/7496][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 73/62 180/93 38/14][TCP Fingerprint: 2_64_8192_b003a81c1be6/Unknown][Plen Bins: 67,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 17.2.0.124:3032 <-> 17.2.0.122:1720 [proto: 158/H323][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 158/H323, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/207 bytes <-> 1 pkts/100 bytes][Goodput ratio: 74/46][0.06 sec][PLAIN TEXT (5295672)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/hl7.pcap.out b/tests/cfgs/default/result/hl7.pcap.out
index a900b6a11..4a8225268 100644
--- a/tests/cfgs/default/result/hl7.pcap.out
+++ b/tests/cfgs/default/result/hl7.pcap.out
@@ -24,6 +24,6 @@ HL7 47 7319 3
Acceptable 47 7319 3
- 1 TCP 10.0.0.155:49242 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: IoT-Scada/31][15 pkts/2331 bytes <-> 12 pkts/1188 bytes][Goodput ratio: 61/42][0.04 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 31/11 9/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 155/99 531/222 188/71][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SENDING)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 10.0.0.155:49252 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][6 pkts/2133 bytes <-> 5 pkts/404 bytes][Goodput ratio: 83/30][0.03 sec][bytes ratio: 0.682 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 6/8 20/15 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 356/81 1514/176 530/48][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
- 3 TCP 10.0.0.155:49250 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][5 pkts/913 bytes <-> 4 pkts/350 bytes][Goodput ratio: 67/35][0.02 sec][bytes ratio: 0.446 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 4/9 17/14 7/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 183/88 667/176 242/51][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 10.0.0.155:49242 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: IoT-Scada/31][15 pkts/2331 bytes <-> 12 pkts/1188 bytes][Goodput ratio: 61/42][0.04 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 31/11 9/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 155/99 531/222 188/71][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SENDING)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 10.0.0.155:49252 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][6 pkts/2133 bytes <-> 5 pkts/404 bytes][Goodput ratio: 83/30][0.03 sec][bytes ratio: 0.682 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 6/8 20/15 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 356/81 1514/176 530/48][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
+ 3 TCP 10.0.0.155:49250 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][5 pkts/913 bytes <-> 4 pkts/350 bytes][Goodput ratio: 67/35][0.02 sec][bytes ratio: 0.446 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 4/9 17/14 7/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 183/88 667/176 242/51][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out b/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out
index e5fcf698f..cf71d197c 100644
--- a/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out
+++ b/tests/cfgs/default/result/hsrp2_ipv6.pcapng.out
@@ -24,5 +24,5 @@ HSRP 36 4374 2
Acceptable 36 4374 2
- 1 UDP [fe80::1]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 282/HSRP, Confidence: DPI][DPI packets: 1][cat: Network/14][18 pkts/2286 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][138.56 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8110/0 21092/0 4624/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 127/0 138/0 25/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 16,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP [fe80::2]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 282/HSRP, Confidence: DPI][DPI packets: 1][cat: Network/14][18 pkts/2088 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][131.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 73/0 7611/0 21554/0 5305/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 116/0 138/0 31/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP [fe80::1]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 282/HSRP, Confidence: DPI][DPI packets: 1][cat: Network/14][18 pkts/2286 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][138.56 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8110/0 21092/0 4624/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 127/0 138/0 25/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1985][Plen Bins: 16,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP [fe80::2]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 282/HSRP, Confidence: DPI][DPI packets: 1][cat: Network/14][18 pkts/2088 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][131.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 73/0 7611/0 21554/0 5305/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 116/0 138/0 31/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1985][Plen Bins: 33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/http-basic-auth.pcap.out b/tests/cfgs/default/result/http-basic-auth.pcap.out
index b239f626a..be5bab391 100644
--- a/tests/cfgs/default/result/http-basic-auth.pcap.out
+++ b/tests/cfgs/default/result/http-basic-auth.pcap.out
@@ -27,28 +27,28 @@ HTTP 688 353898 25
Acceptable 688 353898 25
- 1 TCP 192.168.0.4:54340 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][58 pkts/9591 bytes <-> 74 pkts/74782 bytes][Goodput ratio: 60/93][20.90 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.773 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 397/166 4647/4811 1045/722][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 165/1011 805/1514 248/628][URL: browserspy.dk/theme/default.css][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /theme/default.css HTTP/1.1)][Plen Bins: 0,0,5,0,4,0,4,2,2,2,0,1,0,0,0,0,0,2,1,0,0,0,8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,63,0,0]
- 2 TCP 192.168.0.4:54338 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][31 pkts/4999 bytes <-> 40 pkts/37974 bytes][Goodput ratio: 59/93][17.45 sec][Username: test][Password: fail3][Hostname/SNI: browserspy.dk][bytes ratio: -0.767 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 716/350 5396/5591 1514/1171][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 161/949 805/1514 246/645][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password)][Plen Bins: 0,0,5,0,5,0,5,0,2,2,0,0,0,0,0,2,0,0,0,2,0,0,5,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,62,0,0]
- 3 TCP 192.168.0.4:54584 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][27 pkts/3947 bytes <-> 36 pkts/37139 bytes][Goodput ratio: 55/94][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.808 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 502/211 4249/2440 1050/592][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/1032 797/1514 225/628][URL: browserspy.dk/pics/logo.png][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /pics/logo.png HTTP/1.1)][Plen Bins: 0,0,6,0,3,0,3,0,3,0,0,0,0,0,0,0,0,3,0,0,0,0,12,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0]
- 4 TCP 192.168.0.4:54505 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][27 pkts/3165 bytes <-> 36 pkts/37069 bytes][Goodput ratio: 43/94][10.97 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.843 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 298/138 2784/2976 683/551][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/1030 775/1514 180/625][URL: browserspy.dk/password.php][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password.php HTTP/1.1)][Plen Bins: 0,0,6,0,0,0,6,3,3,3,0,0,0,0,0,0,0,3,0,0,3,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0]
- 5 TCP 192.168.0.4:54506 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][16 pkts/1711 bytes <-> 20 pkts/21882 bytes][Goodput ratio: 38/94][18.69 sec][Hostname/SNI: browserspy.dk][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/2 1542/885 9336/9536 2720/2475][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/1094 709/1514 155/644][URL: browserspy.dk/?_=1381844104551][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (yGET /)][Plen Bins: 0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0]
- 6 TCP 192.168.0.4:54318 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][15 pkts/1737 bytes <-> 20 pkts/19002 bytes][Goodput ratio: 42/93][15.29 sec][Username: test][Password: fail][Hostname/SNI: browserspy.dk][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1372/588 7743/7938 2428/1969][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 116/950 801/1514 183/656][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
- 7 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Username: test][Password: fail2][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
- 8 TCP 192.168.0.4:54317 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][14 pkts/1636 bytes <-> 19 pkts/18925 bytes][Goodput ratio: 43/93][9.56 sec][Hostname/SNI: browserspy.dk][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 454/33 3673/227 1082/74][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/996 766/1514 180/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
- 9 TCP 192.168.0.4:54487 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][15 pkts/1711 bytes <-> 19 pkts/18579 bytes][Goodput ratio: 41/93][11.68 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.831 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 605/442 5841/6025 1661/1494][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 114/978 775/1514 177/643][URL: browserspy.dk/password.php][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password.php HTTP/1.1)][Plen Bins: 0,0,6,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
- 10 TCP 192.168.0.4:54580 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/1607 bytes <-> 16 pkts/18347 bytes][Goodput ratio: 46/94][5.90 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.839 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/73 4815/274 1427/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/1147 803/1514 196/623][URL: browserspy.dk/password-ok.php][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,85,0,0]
- 11 TCP 192.168.0.4:54342 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/2866 bytes <-> 7 pkts/881 bytes][Goodput ratio: 77/47][6.17 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 742/178 5018/292 1618/106][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 287/126 799/203 334/67][URL: browserspy.dk/pics/logo.png][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /pics/logo.png HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 TCP 192.168.0.4:54341 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/2854 bytes <-> 7 pkts/881 bytes][Goodput ratio: 76/47][6.17 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.528 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 743/180 5025/271 1621/105][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/126 805/203 333/67][URL: browserspy.dk/js/jquery.js][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /js/j)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 13 TCP 192.168.0.4:54582 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1141 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.412 (Upload)][IAT c2s/s2c min/avg/max/stddev: 191/10 3074/330 9509/649 3703/320][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/95 799/203 272/54][URL: browserspy.dk/theme/default.css][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /theme/default.css HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 TCP 192.168.0.4:54343 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1140 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][6.17 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.412 (Upload)][IAT c2s/s2c min/avg/max/stddev: 211/0 1188/274 4948/548 1880/274][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/95 798/203 272/54][URL: browserspy.dk/pics/menunew.png][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /pics/menunew.png HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 TCP 192.168.0.4:54581 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1139 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.411 (Upload)][IAT c2s/s2c min/avg/max/stddev: 184/2 3074/326 9473/649 3698/324][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/95 797/203 272/54][URL: browserspy.dk/theme/reset.css][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /theme/reset.css HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 TCP 192.168.0.4:54583 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1121 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 191/2 3074/332 9499/662 3700/330][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 187/95 779/203 265/54][URL: browserspy.dk/js/jquery.js][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /js/j)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 TCP 192.168.0.4:54319 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.83 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 245/1181 3160/1181 10225/1181 4094/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 TCP 192.168.0.4:54320 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 246/1178 3161/1178 10229/1178 4096/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 TCP 192.168.0.4:54321 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 246/940 3160/940 10267/940 4123/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 20 TCP 192.168.0.4:54322 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/760 3160/760 10249/760 4122/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 21 TCP 192.168.0.4:54354 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.68 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 202/3082 3577/3082 10249/3082 3955/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 TCP 192.168.0.4:54507 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.09 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2408 3474/2408 10240/2408 3970/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 TCP 192.168.0.4:54508 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.09 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2410 3475/2410 10240/2410 3970/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 24 TCP 192.168.0.4:54509 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.10 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2207 3474/2207 10236/2207 3958/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 25 TCP 192.168.0.4:54596 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][15.49 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 194/3741 3824/3741 10228/3741 3889/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.0.4:54340 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][58 pkts/9591 bytes <-> 74 pkts/74782 bytes][Goodput ratio: 60/93][20.90 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.773 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 397/166 4647/4811 1045/722][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 165/1011 805/1514 248/628][URL: browserspy.dk/theme/default.css][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /theme/default.css HTTP/1.1)][Plen Bins: 0,0,5,0,4,0,4,2,2,2,0,1,0,0,0,0,0,2,1,0,0,0,8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,63,0,0]
+ 2 TCP 192.168.0.4:54338 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][31 pkts/4999 bytes <-> 40 pkts/37974 bytes][Goodput ratio: 59/93][17.45 sec][Username: test][Password: fail3][Hostname/SNI: browserspy.dk][bytes ratio: -0.767 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 716/350 5396/5591 1514/1171][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 161/949 805/1514 246/645][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,5,0,5,0,5,0,2,2,0,0,0,0,0,2,0,0,0,2,0,0,5,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,62,0,0]
+ 3 TCP 192.168.0.4:54584 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][27 pkts/3947 bytes <-> 36 pkts/37139 bytes][Goodput ratio: 55/94][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.808 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 502/211 4249/2440 1050/592][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/1032 797/1514 225/628][URL: browserspy.dk/pics/logo.png][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /pics/logo.png HTTP/1.1)][Plen Bins: 0,0,6,0,3,0,3,0,3,0,0,0,0,0,0,0,0,3,0,0,0,0,12,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0]
+ 4 TCP 192.168.0.4:54505 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][27 pkts/3165 bytes <-> 36 pkts/37069 bytes][Goodput ratio: 43/94][10.97 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.843 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 298/138 2784/2976 683/551][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/1030 775/1514 180/625][URL: browserspy.dk/password.php][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password.php HTTP/1.1)][Plen Bins: 0,0,6,0,0,0,6,3,3,3,0,0,0,0,0,0,0,3,0,0,3,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0]
+ 5 TCP 192.168.0.4:54506 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][16 pkts/1711 bytes <-> 20 pkts/21882 bytes][Goodput ratio: 38/94][18.69 sec][Hostname/SNI: browserspy.dk][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/2 1542/885 9336/9536 2720/2475][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/1094 709/1514 155/644][URL: browserspy.dk/?_=1381844104551][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (yGET /)][Plen Bins: 0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0]
+ 6 TCP 192.168.0.4:54318 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][15 pkts/1737 bytes <-> 20 pkts/19002 bytes][Goodput ratio: 42/93][15.29 sec][Username: test][Password: fail][Hostname/SNI: browserspy.dk][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1372/588 7743/7938 2428/1969][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 116/950 801/1514 183/656][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
+ 7 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Username: test][Password: fail2][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
+ 8 TCP 192.168.0.4:54317 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][14 pkts/1636 bytes <-> 19 pkts/18925 bytes][Goodput ratio: 43/93][9.56 sec][Hostname/SNI: browserspy.dk][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 454/33 3673/227 1082/74][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/996 766/1514 180/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
+ 9 TCP 192.168.0.4:54487 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][15 pkts/1711 bytes <-> 19 pkts/18579 bytes][Goodput ratio: 41/93][11.68 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.831 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 605/442 5841/6025 1661/1494][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 114/978 775/1514 177/643][URL: browserspy.dk/password.php][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password.php HTTP/1.1)][Plen Bins: 0,0,6,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
+ 10 TCP 192.168.0.4:54580 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/1607 bytes <-> 16 pkts/18347 bytes][Goodput ratio: 46/94][5.90 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.839 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/73 4815/274 1427/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/1147 803/1514 196/623][URL: browserspy.dk/password-ok.php][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,85,0,0]
+ 11 TCP 192.168.0.4:54342 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/2866 bytes <-> 7 pkts/881 bytes][Goodput ratio: 77/47][6.17 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 742/178 5018/292 1618/106][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 287/126 799/203 334/67][URL: browserspy.dk/pics/logo.png][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /pics/logo.png HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 TCP 192.168.0.4:54341 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/2854 bytes <-> 7 pkts/881 bytes][Goodput ratio: 76/47][6.17 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.528 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 743/180 5025/271 1621/105][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/126 805/203 333/67][URL: browserspy.dk/js/jquery.js][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /js/j)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 13 TCP 192.168.0.4:54582 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1141 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.412 (Upload)][IAT c2s/s2c min/avg/max/stddev: 191/10 3074/330 9509/649 3703/320][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/95 799/203 272/54][URL: browserspy.dk/theme/default.css][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /theme/default.css HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 TCP 192.168.0.4:54343 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1140 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][6.17 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.412 (Upload)][IAT c2s/s2c min/avg/max/stddev: 211/0 1188/274 4948/548 1880/274][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/95 798/203 272/54][URL: browserspy.dk/pics/menunew.png][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /pics/menunew.png HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 TCP 192.168.0.4:54581 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1139 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.411 (Upload)][IAT c2s/s2c min/avg/max/stddev: 184/2 3074/326 9473/649 3698/324][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/95 797/203 272/54][URL: browserspy.dk/theme/reset.css][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /theme/reset.css HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 TCP 192.168.0.4:54583 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1121 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 191/2 3074/332 9499/662 3700/330][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 187/95 779/203 265/54][URL: browserspy.dk/js/jquery.js][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /js/j)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 TCP 192.168.0.4:54319 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.83 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 245/1181 3160/1181 10225/1181 4094/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 TCP 192.168.0.4:54320 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 246/1178 3161/1178 10229/1178 4096/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 TCP 192.168.0.4:54321 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 246/940 3160/940 10267/940 4123/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 20 TCP 192.168.0.4:54322 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/760 3160/760 10249/760 4122/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 21 TCP 192.168.0.4:54354 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.68 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 202/3082 3577/3082 10249/3082 3955/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 TCP 192.168.0.4:54507 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.09 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2408 3474/2408 10240/2408 3970/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 TCP 192.168.0.4:54508 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.09 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2410 3475/2410 10240/2410 3970/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 24 TCP 192.168.0.4:54509 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.10 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2207 3474/2207 10236/2207 3958/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 25 TCP 192.168.0.4:54596 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][15.49 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 194/3741 3824/3741 10228/3741 3889/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/http-lines-split.pcap.out b/tests/cfgs/default/result/http-lines-split.pcap.out
index 185dc90d4..e41c81357 100644
--- a/tests/cfgs/default/result/http-lines-split.pcap.out
+++ b/tests/cfgs/default/result/http-lines-split.pcap.out
@@ -24,4 +24,4 @@ HTTP 14 2503 1
Acceptable 14 2503 1
- 1 TCP 192.168.0.1:39236 <-> 192.168.0.20:31337 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][7 pkts/481 bytes <-> 7 pkts/2022 bytes][Goodput ratio: 14/81][0.00 sec][Hostname/SNI: toni.lan][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 69/289 92/1514 12/503][URL: toni.lan:31337/][StatusCode: 200][User-Agent: uclient-fetch][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_64240_488af9f42101/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
+ 1 TCP 192.168.0.1:39236 <-> 192.168.0.20:31337 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][7 pkts/481 bytes <-> 7 pkts/2022 bytes][Goodput ratio: 14/81][0.00 sec][Hostname/SNI: toni.lan][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 69/289 92/1514 12/503][URL: toni.lan:31337/][StatusCode: 200][User-Agent: uclient-fetch][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][TCP Fingerprint: 2_128_64240_488af9f42101/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
diff --git a/tests/cfgs/default/result/http-pwd.pcapng.out b/tests/cfgs/default/result/http-pwd.pcapng.out
index ff3688c3d..e311e31f3 100644
--- a/tests/cfgs/default/result/http-pwd.pcapng.out
+++ b/tests/cfgs/default/result/http-pwd.pcapng.out
@@ -24,4 +24,4 @@ ntop 14 1805 1
Safe 14 1805 1
- 1 TCP 127.0.0.1:56451 <-> 127.0.0.1:3000 [proto: 7.26/HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][7 pkts/1151 bytes <-> 7 pkts/654 bytes][Goodput ratio: 65/38][0.00 sec][Username: admin][Password: adminpwd][Hostname/SNI: localhost][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/4 1/1 4/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 164/93 747/306 239/87][URL: localhost:3000/authorize.html][StatusCode: 302][Req Content-Type: application/x-www-form-urlencoded][Server: ntopng 6.3.241001 (arm64)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found password][TCP Fingerprint: 2_64_65535_99a660d3e328/Unknown][PLAIN TEXT (XPOST /authorize.html HTTP/1.1)][Plen Bins: 0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 127.0.0.1:56451 <-> 127.0.0.1:3000 [proto: 7.26/HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][7 pkts/1151 bytes <-> 7 pkts/654 bytes][Goodput ratio: 65/38][0.00 sec][Username: admin][Password: adminpwd][Hostname/SNI: localhost][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/4 1/1 4/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 164/93 747/306 239/87][URL: localhost:3000/authorize.html][StatusCode: 302][Req Content-Type: application/x-www-form-urlencoded][Server: ntopng 6.3.241001 (arm64)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found password][TCP Fingerprint: 2_64_65535_99a660d3e328/macOS][PLAIN TEXT (XPOST /authorize.html HTTP/1.1)][Plen Bins: 0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/http_auth.pcap.out b/tests/cfgs/default/result/http_auth.pcap.out
index 19b9f0c97..6dec7a384 100644
--- a/tests/cfgs/default/result/http_auth.pcap.out
+++ b/tests/cfgs/default/result/http_auth.pcap.out
@@ -24,4 +24,4 @@ HTTP 33 20574 1
Acceptable 33 20574 1
- 1 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Username: test][Password: fail2][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
+ 1 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Username: test][Password: fail2][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: Found credentials in HTTP Auth Line / HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
diff --git a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out
index 0d9da9961..d2e5f7f82 100644
--- a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out
+++ b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out
@@ -26,4 +26,4 @@ POP3 1 123 1
Unsafe 1 123 1
- 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2/POP3][IP: 274/Alibaba][ClearText][Confidence: Match by port][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 1][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unsafe Protocol **** Susp Entropy **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 80][Risk Info: No client to server traffic / Entropy: 5.038 (Executable?) / TCP probing attempt][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2/POP3][IP: 274/Alibaba][ClearText][Confidence: Match by port][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 1][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unsafe Protocol **** Susp Entropy **** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 130][Risk Info: No client to server traffic / Entropy: 5.038 (Executable?) / Connection refused / TCP probing attempt][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/imap-starttls.pcap.out b/tests/cfgs/default/result/imap-starttls.pcap.out
index 9941e2987..bdbda22da 100644
--- a/tests/cfgs/default/result/imap-starttls.pcap.out
+++ b/tests/cfgs/default/result/imap-starttls.pcap.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 192.168.17.53 1
- 1 TCP 192.168.17.53:49640 <-> 212.227.17.186:143 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][cat: Email/3][18 pkts/1536 bytes <-> 14 pkts/6439 bytes][Goodput ratio: 35/88][3.02 sec][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 188/251 1486/1677 371/512][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/460 372/1514 76/571][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: Expected on port 993 / No ALPN / SNI should always be present][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][TLSv1.2][JA3C: c369db2c355ad05c76f5660af3179b01][JA4: t12d910500_383454ac02f4_a1e935682795][ServerNames: imap.gmx.net,imap.gmx.de][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=NRW, L=Netphen, CN=TeleSec ServerPass DE-1][Subject: C=DE, O=1&1 Mail & Media GmbH, ST=Rhineland-Palatinate, L=Montabaur, CN=imap.gmx.net][Certificate SHA-1: 0F:E8:EA:E2:48:87:DF:8E:FE:F2:84:59:FE:D0:FC:1C:46:24:85:F5][Firefox][Validity: 2013-11-12 10:17:31 - 2016-11-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (CAPABILITY IMAP)][Plen Bins: 25,18,6,6,0,0,0,6,6,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
+ 1 TCP 192.168.17.53:49640 <-> 212.227.17.186:143 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][cat: Email/3][18 pkts/1536 bytes <-> 14 pkts/6439 bytes][Goodput ratio: 35/88][3.02 sec][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 188/251 1486/1677 371/512][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 85/460 372/1514 76/571][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: Expected on port 993 / No ALPN / SNI should always be present][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][TLSv1.2][JA3C: c369db2c355ad05c76f5660af3179b01][JA4: t12d910500_383454ac02f4_a1e935682795][ServerNames: imap.gmx.net,imap.gmx.de][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=NRW, L=Netphen, CN=TeleSec ServerPass DE-1][Subject: C=DE, O=1&1 Mail & Media GmbH, ST=Rhineland-Palatinate, L=Montabaur, CN=imap.gmx.net][Certificate SHA-1: 0F:E8:EA:E2:48:87:DF:8E:FE:F2:84:59:FE:D0:FC:1C:46:24:85:F5][Firefox][Validity: 2013-11-12 10:17:31 - 2016-11-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (CAPABILITY IMAP)][Plen Bins: 25,18,6,6,0,0,0,6,6,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
diff --git a/tests/cfgs/default/result/ipp.pcap.out b/tests/cfgs/default/result/ipp.pcap.out
index 9e978e7f0..02d9547a6 100644
--- a/tests/cfgs/default/result/ipp.pcap.out
+++ b/tests/cfgs/default/result/ipp.pcap.out
@@ -24,6 +24,6 @@ IPP 277 248554 3
Acceptable 277 248554 3
- 1 TCP 10.10.10.49:55342 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: System/18][150 pkts/237529 bytes <-> 84 pkts/5922 bytes][Goodput ratio: 96/6][1.20 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.951 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 6/11 218/212 27/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1584/70 2962/267 978/27][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][TCP Fingerprint: 2_64_5840_2e3cee914fc1/Unknown][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 1,1,0,0,3,2,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1,2,0,0,0,0,2,0,68]
- 2 TCP 10.10.10.49:55343 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: System/18][14 pkts/1662 bytes <-> 11 pkts/1306 bytes][Goodput ratio: 44/44][0.06 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 5/7 44/40 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/119 294/333 85/82][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][TCP Fingerprint: 2_64_5840_2e3cee914fc1/Unknown][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 30,0,0,10,30,0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 10.10.10.49:55341 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: System/18][10 pkts/1098 bytes <-> 8 pkts/1037 bytes][Goodput ratio: 39/48][0.02 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/130 355/393 92/110][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251][TCP Fingerprint: 2_64_5840_2e3cee914fc1/Unknown][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 33,0,0,0,33,0,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 10.10.10.49:55342 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: System/18][150 pkts/237529 bytes <-> 84 pkts/5922 bytes][Goodput ratio: 96/6][1.20 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.951 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 6/11 218/212 27/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1584/70 2962/267 978/27][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251 / Expected on port 80][TCP Fingerprint: 2_64_5840_2e3cee914fc1/Unknown][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 1,1,0,0,3,2,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1,2,0,0,0,0,2,0,68]
+ 2 TCP 10.10.10.49:55343 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: System/18][14 pkts/1662 bytes <-> 11 pkts/1306 bytes][Goodput ratio: 44/44][0.06 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 5/7 44/40 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/119 294/333 85/82][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251 / Expected on port 80][TCP Fingerprint: 2_64_5840_2e3cee914fc1/Unknown][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 30,0,0,10,30,0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 10.10.10.49:55341 <-> 10.10.10.251:631 [proto: 7.6/HTTP.IPP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: System/18][10 pkts/1098 bytes <-> 8 pkts/1037 bytes][Goodput ratio: 39/48][0.02 sec][Hostname/SNI: 10.10.10.251][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/130 355/393 92/110][URL: 10.10.10.251/ipp/][StatusCode: 100][Req Content-Type: application/ipp][User-Agent: CUPS/1.3.4][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.10.10.251 / Expected on port 80][TCP Fingerprint: 2_64_5840_2e3cee914fc1/Unknown][PLAIN TEXT (POST /ipp/ HTTP/1.1)][Plen Bins: 33,0,0,0,33,0,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/irc.pcap.out b/tests/cfgs/default/result/irc.pcap.out
index 372577b67..efb9d1b33 100644
--- a/tests/cfgs/default/result/irc.pcap.out
+++ b/tests/cfgs/default/result/irc.pcap.out
@@ -24,4 +24,4 @@ IRC 29 8945 1
Unsafe 29 8945 1
- 1 TCP 10.180.156.249:45921 <-> 38.229.70.20:8000 [proto: 65/IRC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Chat/9][14 pkts/1046 bytes <-> 15 pkts/7899 bytes][Goodput ratio: 11/87][14.57 sec][bytes ratio: -0.766 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1314/1206 8864/8864 2852/2736][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/527 107/1514 14/611][Risk: ** Known Proto on Non Std Port **** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 160][Risk Info: Found IRC username (xxxxx)][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][PLAIN TEXT (USER xx)][Plen Bins: 13,41,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0]
+ 1 TCP 10.180.156.249:45921 <-> 38.229.70.20:8000 [proto: 65/IRC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Chat/9][14 pkts/1046 bytes <-> 15 pkts/7899 bytes][Goodput ratio: 11/87][14.57 sec][bytes ratio: -0.766 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1314/1206 8864/8864 2852/2736][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/527 107/1514 14/611][Risk: ** Known Proto on Non Std Port **** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 160][Risk Info: Found IRC username (xxxxx) / Expected on port 194][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][PLAIN TEXT (USER xx)][Plen Bins: 13,41,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0]
diff --git a/tests/cfgs/default/result/jabber.pcap.out b/tests/cfgs/default/result/jabber.pcap.out
index 5215c3937..2d59942aa 100644
--- a/tests/cfgs/default/result/jabber.pcap.out
+++ b/tests/cfgs/default/result/jabber.pcap.out
@@ -24,11 +24,11 @@ Jabber 358 61304 12
Acceptable 358 61304 12
- 1 TCP 172.16.0.62:57094 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13807 bytes][Goodput ratio: 49/80][2.17 sec][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 611/611 109/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 559/1514 104/415][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,24,9,13,4,6,9,0,2,2,2,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
- 2 TCP 172.16.0.62:57122 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13806 bytes][Goodput ratio: 49/80][2.16 sec][bytes ratio: -0.415 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 521/520 99/101][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 677/1514 116/415][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,22,9,15,4,7,9,0,2,2,2,0,0,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
+ 1 TCP 172.16.0.62:57094 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13807 bytes][Goodput ratio: 49/80][2.17 sec][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 611/611 109/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 559/1514 104/415][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,24,9,13,4,6,9,0,2,2,2,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
+ 2 TCP 172.16.0.62:57122 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13806 bytes][Goodput ratio: 49/80][2.16 sec][bytes ratio: -0.415 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 521/520 99/101][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 677/1514 116/415][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,22,9,15,4,7,9,0,2,2,2,0,0,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
3 TCP 172.16.0.62:57149 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 67/Jabber, Confidence: DPI][DPI packets: 1][cat: Web/5][21 pkts/2752 bytes <-> 17 pkts/3414 bytes][Goodput ratio: 50/67][656.22 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35858/700 600484/4996 141164/1575][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/201 305/529 77/137][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 5.068 (Executable?)][PLAIN TEXT (presence to)][Plen Bins: 0,18,0,22,18,9,18,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 172.16.0.62:57129 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 67/Jabber, Confidence: DPI][DPI packets: 1][cat: Web/5][16 pkts/2866 bytes <-> 9 pkts/2273 bytes][Goodput ratio: 63/74][423.43 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 23604/41249 136091/136094 40743/50152][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 179/253 769/481 173/115][PLAIN TEXT (iq type)][Plen Bins: 0,0,6,18,18,6,12,18,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 TCP 172.16.0.62:57147 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/1698 bytes <-> 12 pkts/1584 bytes][Goodput ratio: 38/49][0.42 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/52 333/333 89/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/132 404/351 90/93][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (xml version)][Plen Bins: 30,0,0,10,10,30,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 172.16.0.62:57147 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/1698 bytes <-> 12 pkts/1584 bytes][Goodput ratio: 38/49][0.42 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/52 333/333 89/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/132 404/351 90/93][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (xml version)][Plen Bins: 30,0,0,10,10,30,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.2.100:58388 <-> 160.44.201.102:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][9 pkts/809 bytes <-> 6 pkts/455 bytes][Goodput ratio: 37/26][300.65 sec][bytes ratio: 0.280 (Upload)][IAT c2s/s2c min/avg/max/stddev: 13/1 30058/52574 209840/209871 73396/90816][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/76 221/91 51/13][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 12,63,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 192.168.2.100:34070 <-> 160.44.201.102:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][9 pkts/808 bytes <-> 6 pkts/455 bytes][Goodput ratio: 37/26][279.71 sec][bytes ratio: 0.279 (Upload)][IAT c2s/s2c min/avg/max/stddev: 26/0 39051/68333 273088/273176 95545/118266][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/76 221/91 51/12][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 12,63,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 192.168.2.100:41420 <-> 160.44.201.102:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Web/5][8 pkts/791 bytes <-> 7 pkts/471 bytes][Goodput ratio: 43/15][35.65 sec][bytes ratio: 0.254 (Upload)][IAT c2s/s2c min/avg/max/stddev: 31/0 5924/67 35140/231 13066/91][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/67 221/91 53/11][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 28,28,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/jsonrpc.pcap.out b/tests/cfgs/default/result/jsonrpc.pcap.out
index 0f2fc7265..82ee598cb 100644
--- a/tests/cfgs/default/result/jsonrpc.pcap.out
+++ b/tests/cfgs/default/result/jsonrpc.pcap.out
@@ -24,5 +24,5 @@ JSON-RPC 16 2815 2
Acceptable 16 2815 2
- 1 TCP 192.168.8.251:51084 <-> 179.99.210.200:80 [proto: 7.375/HTTP.JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: RPC/16][4 pkts/1322 bytes <-> 4 pkts/843 bytes][Goodput ratio: 81/73][< 1 sec][Hostname/SNI: mdotti.dyndns.org][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 34/34 102/101 48/48][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 330/211 1124/566 458/209][URL: mdotti.dyndns.org/zabbix/jsrpc.php?output=json-rpc][StatusCode: 200][Req Content-Type: application/json-rpc][Content-Type: application/json-rpc][Server: Apache/2.2.16 (Debian)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete Apache server 2.2.16][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (POST /zabbix/jsrpc.php)][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.8.251:51084 <-> 179.99.210.200:80 [proto: 7.375/HTTP.JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: RPC/16][4 pkts/1322 bytes <-> 4 pkts/843 bytes][Goodput ratio: 81/73][< 1 sec][Hostname/SNI: mdotti.dyndns.org][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 34/34 102/101 48/48][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 330/211 1124/566 458/209][URL: mdotti.dyndns.org/zabbix/jsrpc.php?output=json-rpc][StatusCode: 200][Req Content-Type: application/json-rpc][Content-Type: application/json-rpc][Server: Apache/2.2.16 (Debian)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete Apache server 2.2.16][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (POST /zabbix/jsrpc.php)][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 127.0.0.1:36646 <-> 127.0.0.1:8080 [proto: 375/JSON-RPC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RPC/16][4 pkts/378 bytes <-> 4 pkts/272 bytes][Goodput ratio: 28/0][0.01 sec][bytes ratio: 0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 3/0 10/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/68 172/74 45/3][TCP Fingerprint: 2_64_33280_db1b9381215d/Unknown][PLAIN TEXT (sonrpc)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
index de381325e..8a4c29870 100644
--- a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
+++ b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
@@ -31,10 +31,10 @@ Unrated 356 25081 2
1 TCP 172.16.238.10:48534 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][7 pkts/692 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 30/79][0.00 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 99/327 276/1420 72/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Found host 172.16.238.11 / Found mime exe java-vm / Suspicious Log4J][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0]
2 TCP 172.16.238.10:48444 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][6 pkts/624 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 33/79][0.01 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/2 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 104/327 276/1420 77/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Found host 172.16.238.11 / Found mime exe java-vm / Suspicious Log4J][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GGET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0]
3 TCP 172.16.238.1:1984 <-> 172.16.238.10:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][5 pkts/994 bytes <-> 4 pkts/503 bytes][Goodput ratio: 65/44][19.29 sec][Hostname/SNI: 192.168.13.31][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/7 4822/6428 10256/10256 4838/4568][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 199/126 714/291 258/95][URL: 192.168.13.31:8080/log4shell/login][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][User-Agent: jndi:ldap://172.16.238.11:1389/a][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Found host 192.168.13.31 / Suspicious Log4J / Expected 172.16.238.10, found 192.168.13.31 / Expected on port 80][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (POST /log)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 172.16.238.10:57650 <-> 172.16.238.11:1389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][9 pkts/739 bytes <-> 8 pkts/727 bytes][Goodput ratio: 16/24][17.91 sec][bytes ratio: 0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 2545/3580 17700/17700 6187/7060][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 82/91 137/215 22/47][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (objectClass)][Plen Bins: 51,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 TCP 172.16.238.10:57742 <-> 172.16.238.11:1389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][9 pkts/739 bytes <-> 6 pkts/591 bytes][Goodput ratio: 16/30][0.02 sec][bytes ratio: 0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 11/2 4/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 82/98 137/215 22/52][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (objectClass)][Plen Bins: 51,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 172.16.238.10:57650 <-> 172.16.238.11:1389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][9 pkts/739 bytes <-> 8 pkts/727 bytes][Goodput ratio: 16/24][17.91 sec][bytes ratio: 0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 2545/3580 17700/17700 6187/7060][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 82/91 137/215 22/47][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 389][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (objectClass)][Plen Bins: 51,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 172.16.238.10:57742 <-> 172.16.238.11:1389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: System/18][9 pkts/739 bytes <-> 6 pkts/591 bytes][Goodput ratio: 16/30][0.02 sec][bytes ratio: 0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 11/2 4/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 82/98 137/215 22/52][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 389][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (objectClass)][Plen Bins: 51,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows:
1 TCP 172.16.238.10:55408 <-> 10.10.10.31:9001 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 26][178 pkts/12940 bytes <-> 176 pkts/12009 bytes][Goodput ratio: 6/0][17.64 sec][bytes ratio: 0.037 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/124 7288/7288 623/831][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 73/68 78/89 3/2][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 172.16.238.10:55498 <-> 10.10.10.31:9001 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/76 bytes <-> 1 pkts/56 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 172.16.238.10:55498 <-> 10.10.10.31:9001 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/76 bytes <-> 1 pkts/56 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
index b130702bd..92ad54c75 100644
--- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
+++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
@@ -37,11 +37,11 @@ JA3 Host Stats:
2 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44144 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.16 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
3 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44150 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
4 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44192 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
- 5 UDP [2a2f:8509:1cb2:466d:ecbf:69d6:109c:608]:62229 -> [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/2397 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1249/0 8358/0 2694/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 266/0 610/0 243/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 44,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP [2a2f:8509:1cb2:466d:ecbf:69d6:109c:608]:62229 -> [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/2397 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1249/0 8358/0 2694/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 266/0 610/0 243/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (added.f)][Plen Bins: 44,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP [3069:c624:1d42:9469:98b1:67ff:fe43:325]:56131 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][11 pkts/1958 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][2.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/0 236/0 1183/0 350/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 178/0 214/0 41/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BHBeRjaHJ)][Plen Bins: 9,0,18,0,72,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP [2118:ec33:112b:7908:2c80:27ff:fef7:d71f]:48415 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][11 pkts/1742 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][2.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 279/0 1388/0 400/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 158/0 214/0 51/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (NGuJOnsW)][Plen Bins: 18,0,36,0,45,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27]:60506 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][11 pkts/1319 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][6.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 670/0 2769/0 758/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 120/0 431/0 99/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 72,18,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][8.49 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [38b2:46b7:27a4:94c3:c134:948:e069:d71f]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][20.08 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27]:60506 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][11 pkts/1319 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][6.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 670/0 2769/0 758/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 120/0 431/0 99/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (added.f)][Plen Bins: 72,18,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][8.49 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [38b2:46b7:27a4:94c3:c134:948:e069:d71f]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][20.08 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP [3297:a1af:5121:cfc:360b:2e07:872f:1ea0]:43865 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][2 pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][0.26 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BZ9/sp6)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/mongodb.pcap.out b/tests/cfgs/default/result/mongodb.pcap.out
index a4c48208c..2628a8a18 100644
--- a/tests/cfgs/default/result/mongodb.pcap.out
+++ b/tests/cfgs/default/result/mongodb.pcap.out
@@ -32,7 +32,7 @@ Unrated 3 230 1
1 TCP 10.10.10.16:51358 <-> 10.10.10.17:27017 [VLAN: 100][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][3 pkts/491 bytes <-> 1 pkts/78 bytes][Goodput ratio: 55/0][0.00 sec][TCP Fingerprint: 2_64_65535_37c89335710b/Unknown][PLAIN TEXT (admin.)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 10.10.10.10:51822 <-> 10.10.10.11:27017 [VLAN: 300][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][3 pkts/469 bytes <-> 1 pkts/78 bytes][Goodput ratio: 53/0][0.34 sec][TCP Fingerprint: 2_64_65535_d761c040be70/Unknown][PLAIN TEXT (admin.)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 10.10.10.18:64566 <-> 10.10.10.19:30000 [VLAN: 300][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][3 pkts/295 bytes <-> 1 pkts/78 bytes][Goodput ratio: 25/0][0.10 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_d761c040be70/Unknown][PLAIN TEXT (InactiveUserIdentity.)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 10.10.10.18:64566 <-> 10.10.10.19:30000 [VLAN: 300][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][3 pkts/295 bytes <-> 1 pkts/78 bytes][Goodput ratio: 25/0][0.10 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 27017][TCP Fingerprint: 2_64_65535_d761c040be70/Unknown][PLAIN TEXT (InactiveUserIdentity.)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.10.10.12:55582 <-> 10.10.10.13:27017 [VLAN: 300][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][3 pkts/281 bytes <-> 1 pkts/78 bytes][Goodput ratio: 21/0][0.16 sec][TCP Fingerprint: 2_64_65535_d761c040be70/Unknown][PLAIN TEXT (abtest.)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.10.10.14:61503 <-> 10.10.10.15:27017 [VLAN: 100][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][3 pkts/280 bytes <-> 1 pkts/78 bytes][Goodput ratio: 21/0][0.01 sec][TCP Fingerprint: 194_64_65535_37c89335710b/Unknown][PLAIN TEXT (admin.)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 10.10.10.10:51822 -> 10.10.10.11:27017 [VLAN: 50][proto: 60/MongoDB][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Database/11][2 pkts/152 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][0.34 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65535_d761c040be70/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/mysql.pcapng.out b/tests/cfgs/default/result/mysql.pcapng.out
index 1e069d96c..8345b0f6f 100644
--- a/tests/cfgs/default/result/mysql.pcapng.out
+++ b/tests/cfgs/default/result/mysql.pcapng.out
@@ -24,5 +24,5 @@ MySQL 41 7009 2
Acceptable 41 7009 2
- 1 TCP 192.168.88.231:36272 <-> 192.168.88.200:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][15 pkts/1822 bytes <-> 11 pkts/3715 bytes][Goodput ratio: 45/80][2.47 sec][bytes ratio: -0.342 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/6 2386/24 659/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 121/338 388/2284 94/622][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][PLAIN TEXT (8.0.36)][Plen Bins: 21,21,7,14,0,0,0,21,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7]
- 2 TCP 192.168.88.231:36732 <-> 192.168.88.201:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][9 pkts/862 bytes <-> 6 pkts/610 bytes][Goodput ratio: 30/34][2.27 sec][bytes ratio: 0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 318/0 2222/1 777/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 96/102 284/176 67/44][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][PLAIN TEXT (10.6.12)][Plen Bins: 34,16,16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.88.231:36272 <-> 192.168.88.200:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][15 pkts/1822 bytes <-> 11 pkts/3715 bytes][Goodput ratio: 45/80][2.47 sec][bytes ratio: -0.342 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/6 2386/24 659/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 121/338 388/2284 94/622][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][PLAIN TEXT (8.0.36)][Plen Bins: 21,21,7,14,0,0,0,21,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7]
+ 2 TCP 192.168.88.231:36732 <-> 192.168.88.201:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][9 pkts/862 bytes <-> 6 pkts/610 bytes][Goodput ratio: 30/34][2.27 sec][bytes ratio: 0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 318/0 2222/1 777/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 96/102 284/176 67/44][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][PLAIN TEXT (10.6.12)][Plen Bins: 34,16,16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out b/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out
index 852104b93..4e11e4406 100644
--- a/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out
+++ b/tests/cfgs/default/result/ndpi_match_string_subprotocol__error.pcapng.out
@@ -24,4 +24,4 @@ SOAP 13 2935 1
Acceptable 13 2935 1
- 1 TCP 10.3.9.19:40632 <-> 10.68.137.118:8091 [proto: 7.253/HTTP.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: RPC/16][7 pkts/1546 bytes <-> 6 pkts/1389 bytes][Goodput ratio: 73/76][3438.13 sec][Hostname/SNI: 10.68.137.118][bytes ratio: 0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/29 687620/24940 3382709/49851 1347715/24911][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 221/232 1180/739 392/263][URL: 10.68.137.118:8091/Apcn/ApcRemoteService][StatusCode: 200][User-Agent: Jakarta Commons-HttpClient/3.0.1][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.68.137.118][TCP Fingerprint: 2_64_49640_8fe4205fb587/Unknown][PLAIN TEXT (POST /Apcn/ApcRemoteService HTT)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 10.3.9.19:40632 <-> 10.68.137.118:8091 [proto: 7.253/HTTP.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: RPC/16][7 pkts/1546 bytes <-> 6 pkts/1389 bytes][Goodput ratio: 73/76][3438.13 sec][Hostname/SNI: 10.68.137.118][bytes ratio: 0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/29 687620/24940 3382709/49851 1347715/24911][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 221/232 1180/739 392/263][URL: 10.68.137.118:8091/Apcn/ApcRemoteService][StatusCode: 200][User-Agent: Jakarta Commons-HttpClient/3.0.1][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.68.137.118 / Expected on port 80][TCP Fingerprint: 2_64_49640_8fe4205fb587/Unknown][PLAIN TEXT (POST /Apcn/ApcRemoteService HTT)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/netease_games.pcapng.out b/tests/cfgs/default/result/netease_games.pcapng.out
index 537b28ba5..3b5be6c53 100644
--- a/tests/cfgs/default/result/netease_games.pcapng.out
+++ b/tests/cfgs/default/result/netease_games.pcapng.out
@@ -30,7 +30,7 @@ JA3 Host Stats:
1 192.168.88.231 1
- 1 TCP 192.168.88.231:50402 <-> 35.73.71.94:443 [proto: 91.402/TLS.NetEaseGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 402/NetEaseGames, Confidence: DNS][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/302 bytes][Goodput ratio: 71/32][0.56 sec][Hostname/SNI: data-detect.nie.easebar.com][bytes ratio: 0.411 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/140 280/281 140/140][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/101 583/162 242/43][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][TLSv1.2][JA3C: b502ea5e20e42ca41d28d47e8df496fa][JA4: t12d600600_a54dbbc9e493_8587f467d9ea][JA3S: 704239182a9091e4453fdbfe0fd17586][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.88.231:50402 <-> 35.73.71.94:443 [proto: 91.402/TLS.NetEaseGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 402/NetEaseGames, Confidence: DNS][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/302 bytes][Goodput ratio: 71/32][0.56 sec][Hostname/SNI: data-detect.nie.easebar.com][bytes ratio: 0.411 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/140 280/281 140/140][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/101 583/162 242/43][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.2][JA3C: b502ea5e20e42ca41d28d47e8df496fa][JA4: t12d600600_a54dbbc9e493_8587f467d9ea][JA3S: 704239182a9091e4453fdbfe0fd17586][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.88.231:58951 <-> 34.141.75.90:28203 [proto: 402/NetEaseGames][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 402/NetEaseGames, Confidence: DPI][DPI packets: 1][cat: Game/8][3 pkts/339 bytes <-> 2 pkts/414 bytes][Goodput ratio: 63/80][< 1 sec][PLAIN TEXT (9251381)][Plen Bins: 0,40,20,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.88.231:49377 <-> 172.17.8.75:53 [proto: 5.402/DNS.NetEaseGames][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.402/DNS.NetEaseGames, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/174 bytes <-> 2 pkts/398 bytes][Goodput ratio: 51/79][0.06 sec][Hostname/SNI: data-detect.nie.easebar.com][35.73.71.94][PLAIN TEXT (detect)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.88.231:56588 <-> 35.246.207.19:4513 [proto: 402/NetEaseGames][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 402/NetEaseGames, Confidence: DPI][DPI packets: 1][cat: Game/8][2 pkts/108 bytes <-> 1 pkts/60 bytes][Goodput ratio: 22/20][0.04 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/netflowv9.pcap.out b/tests/cfgs/default/result/netflowv9.pcap.out
index 417b98457..d9fe47ebf 100644
--- a/tests/cfgs/default/result/netflowv9.pcap.out
+++ b/tests/cfgs/default/result/netflowv9.pcap.out
@@ -24,4 +24,4 @@ NetFlow 10 13888 1
Acceptable 10 13888 1
- 1 UDP 192.168.2.134:48629 -> 192.168.2.222:2057 [proto: 128/NetFlow][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 128/NetFlow, Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/13888 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1362/0 1389/0 1418/0 23/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,30,20,0,0,0,0]
+ 1 UDP 192.168.2.134:48629 -> 192.168.2.222:2057 [proto: 128/NetFlow][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 128/NetFlow, Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/13888 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1362/0 1389/0 1418/0 23/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2055][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,30,20,0,0,0,0]
diff --git a/tests/cfgs/default/result/nfsv2.pcap.out b/tests/cfgs/default/result/nfsv2.pcap.out
index 4e074e9cd..02c346716 100644
--- a/tests/cfgs/default/result/nfsv2.pcap.out
+++ b/tests/cfgs/default/result/nfsv2.pcap.out
@@ -25,9 +25,9 @@ NFS 156 23144 7
Acceptable 156 23144 7
1 UDP 139.25.22.2:1023 <-> 139.25.22.102:2049 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][72 pkts/12640 bytes <-> 72 pkts/9284 bytes][Goodput ratio: 76/67][0.35 sec][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 40/40 7/7][Pkt Len c2s/s2c min/avg/max/stddev: 166/70 176/129 214/198 12/42][PLAIN TEXT (werrmsche)][Plen Bins: 13,2,0,30,49,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 139.25.22.2:671 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/102 bytes][Goodput ratio: 73/58][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 139.25.22.2:686 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/66 bytes][Goodput ratio: 73/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 139.25.22.2:3289 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 UDP 139.25.22.2:3291 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (139.25.22.102.8.1)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 UDP 139.25.22.2:3293 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 139.25.22.2:671 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/102 bytes][Goodput ratio: 73/58][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic / Expected on port 2049][PLAIN TEXT (werrmsche)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 139.25.22.2:686 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/66 bytes][Goodput ratio: 73/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic / Expected on port 2049][PLAIN TEXT (werrmsche)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 139.25.22.2:3289 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 2049][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 139.25.22.2:3291 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 2049][PLAIN TEXT (139.25.22.102.8.1)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 UDP 139.25.22.2:3293 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 2049][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 139.25.22.2:3292 <-> 139.25.22.102:2049 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/82 bytes <-> 1 pkts/66 bytes][Goodput ratio: 48/36][< 1 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/nfsv3.pcap.out b/tests/cfgs/default/result/nfsv3.pcap.out
index 6a302eb71..63458a44e 100644
--- a/tests/cfgs/default/result/nfsv3.pcap.out
+++ b/tests/cfgs/default/result/nfsv3.pcap.out
@@ -25,10 +25,10 @@ NFS 128 22816 8
Acceptable 128 22816 8
1 UDP 139.25.22.2:1022 <-> 139.25.22.102:2049 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][57 pkts/10398 bytes <-> 57 pkts/11038 bytes][Goodput ratio: 77/78][0.29 sec][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 50/50 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 170/74 182/194 226/342 15/82][PLAIN TEXT (werrmsche)][Plen Bins: 0,10,0,11,52,10,0,12,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 139.25.22.2:706 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/114 bytes][Goodput ratio: 73/63][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 139.25.22.2:722 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/66 bytes][Goodput ratio: 73/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (werrmsche)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 139.25.22.2:3295 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 UDP 139.25.22.2:3297 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (139.25.22.102.8.1)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 UDP 139.25.22.2:3299 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 139.25.22.2:3296 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/82 bytes <-> 1 pkts/66 bytes][Goodput ratio: 48/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 139.25.22.2:706 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/114 bytes][Goodput ratio: 73/63][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic / Expected on port 2049][PLAIN TEXT (werrmsche)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 139.25.22.2:722 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/158 bytes <-> 1 pkts/66 bytes][Goodput ratio: 73/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic / Expected on port 2049][PLAIN TEXT (werrmsche)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 139.25.22.2:3295 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 2049][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 139.25.22.2:3297 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 2049][PLAIN TEXT (139.25.22.102.8.1)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 UDP 139.25.22.2:3299 <-> 139.25.22.102:111 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/106 bytes <-> 1 pkts/90 bytes][Goodput ratio: 60/53][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 2049][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 139.25.22.2:3296 <-> 139.25.22.102:1048 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/82 bytes <-> 1 pkts/66 bytes][Goodput ratio: 48/36][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 2049][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 139.25.22.2:3298 <-> 139.25.22.102:2049 [proto: 11/NFS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 11/NFS, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/82 bytes <-> 1 pkts/66 bytes][Goodput ratio: 48/36][< 1 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/nomachine.pcapng.out b/tests/cfgs/default/result/nomachine.pcapng.out
index b69fb814a..bdb90c2a4 100644
--- a/tests/cfgs/default/result/nomachine.pcapng.out
+++ b/tests/cfgs/default/result/nomachine.pcapng.out
@@ -25,5 +25,5 @@ NoMachine 73 7085 2
Acceptable 73 7085 2
- 1 TCP 192.168.88.231:48084 <-> 192.168.88.208:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RemoteAccess/12][25 pkts/1903 bytes <-> 24 pkts/3906 bytes][Goodput ratio: 28/66][10.47 sec][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 442/486 7610/7654 1659/1752][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 76/163 184/1295 42/246][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found NoMachine][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][PLAIN TEXT (NoMachine)][Plen Bins: 14,45,11,18,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.88.231:48084 <-> 192.168.88.208:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RemoteAccess/12][25 pkts/1903 bytes <-> 24 pkts/3906 bytes][Goodput ratio: 28/66][10.47 sec][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 442/486 7610/7654 1659/1752][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 76/163 184/1295 42/246][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found NoMachine][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][PLAIN TEXT (NoMachine)][Plen Bins: 14,45,11,18,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.88.231:56019 <-> 192.168.88.208:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 378/NoMachine, Confidence: DPI][DPI packets: 1][cat: RemoteAccess/12][11 pkts/584 bytes <-> 13 pkts/692 bytes][Goodput ratio: 21/21][0.49 sec][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20/3 38/38 166/133 48/33][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 53/53 60/64 2/3][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: No server to client traffic / Found NoMachine][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/opc-ua.pcap.out b/tests/cfgs/default/result/opc-ua.pcap.out
index 1e9ab7be5..aa4422396 100644
--- a/tests/cfgs/default/result/opc-ua.pcap.out
+++ b/tests/cfgs/default/result/opc-ua.pcap.out
@@ -24,4 +24,4 @@ OPC-UA 381 45578 1
Acceptable 381 45578 1
- 1 TCP 127.0.0.1:57420 <-> 127.0.0.1:4840 [proto: 360/OPC-UA][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: IoT-Scada/31][191 pkts/23255 bytes <-> 190 pkts/22323 bytes][Goodput ratio: 54/52][0.01 sec][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 122/117 222/664 68/84][TCP Fingerprint: 2_64_65535_99a660d3e328/Unknown][PLAIN TEXT (opc.tcp)][Plen Bins: 0,0,26,23,45,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 127.0.0.1:57420 <-> 127.0.0.1:4840 [proto: 360/OPC-UA][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: IoT-Scada/31][191 pkts/23255 bytes <-> 190 pkts/22323 bytes][Goodput ratio: 54/52][0.01 sec][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 122/117 222/664 68/84][TCP Fingerprint: 2_64_65535_99a660d3e328/macOS][PLAIN TEXT (opc.tcp)][Plen Bins: 0,0,26,23,45,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out
index 3d5d9b871..418c6209f 100644
--- a/tests/cfgs/default/result/openvpn.pcap.out
+++ b/tests/cfgs/default/result/openvpn.pcap.out
@@ -26,13 +26,13 @@ NordVPN 15 7962 1
Acceptable 706 139146 10
- 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes][Goodput ratio: 77/85][19.24 sec][bytes ratio: -0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/106 3994/2456 764/365][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 186/287 1214/1287 193/325][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (160727093158Z)][Plen Bins: 0,33,19,9,29,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes][Goodput ratio: 77/85][19.24 sec][bytes ratio: -0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 289/106 3994/2456 764/365][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 186/287 1214/1287 193/325][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][PLAIN TEXT (160727093158Z)][Plen Bins: 0,33,19,9,29,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0]
2 TCP 10.181.235.122:39772 <-> 10.251.71.30:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][100 pkts/13594 bytes <-> 95 pkts/13987 bytes][Goodput ratio: 51/55][32.02 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 245/317 3842/9253 675/1172][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/147 472/542 78/90][TCP Fingerprint: 2_64_14600_d227986fac6c/Unknown][PLAIN TEXT (121031022835Z)][Plen Bins: 35,13,1,39,1,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 3.111.166.78:51146 <-> 85.134.13.165:1194 [proto: 159/OpenVPN][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 2][cat: VPN/2][51 pkts/7057 bytes <-> 49 pkts/8409 bytes][Goodput ratio: 70/76][17.72 sec][bytes ratio: -0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 343/338 4127/4124 897/934][Pkt Len c2s/s2c min/avg/max/stddev: 60/64 138/172 168/1242 35/312][PLAIN TEXT (New York1)][Plen Bins: 48,4,1,40,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][44 pkts/7514 bytes <-> 51 pkts/7866 bytes][Goodput ratio: 61/57][64.13 sec][bytes ratio: -0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1298/1400 11356/11265 2924/3289][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/154 1514/222 236/63][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][TCP Fingerprint: 2_64_29200_d227986fac6c/Unknown][PLAIN TEXT (160630002150Z)][Plen Bins: 0,39,0,4,51,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
- 5 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][49 pkts/7860 bytes <-> 34 pkts/5699 bytes][Goodput ratio: 74/75][9.11 sec][bytes ratio: 0.159 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/137 3857/2389 691/464][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 160/168 1214/196 192/31][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (160727093158Z)][Plen Bins: 0,40,14,8,30,2,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][49 pkts/7860 bytes <-> 34 pkts/5699 bytes][Goodput ratio: 74/75][9.11 sec][bytes ratio: 0.159 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/137 3857/2389 691/464][Pkt Len c2s/s2c min/avg/max/stddev: 84/92 160/168 1214/196 192/31][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][PLAIN TEXT (160727093158Z)][Plen Bins: 0,40,14,8,30,2,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 127.0.0.1:36138 <-> 127.0.0.1:443 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: VPN/2][23 pkts/5552 bytes <-> 23 pkts/5854 bytes][Goodput ratio: 77/77][1.55 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 69/85 1049/1050 238/247][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 241/255 1514/1440 378/396][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (Rj.shh)][Plen Bins: 0,5,45,5,0,0,0,0,0,0,0,10,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,10,0,0,0,0,0,0,0,5,0,5,0,0]
7 UDP 192.168.12.156:41133 <-> 107.161.86.131:443 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: VPN/2][21 pkts/3745 bytes <-> 10 pkts/5947 bytes][Goodput ratio: 76/93][1.13 sec][bytes ratio: -0.227 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/68 316/253 83/100][Pkt Len c2s/s2c min/avg/max/stddev: 114/136 178/595 791/1170 150/425][Risk: ** Known Proto on Non Std Port **** Susp Entropy **][Risk Score: 60][Risk Info: Entropy: 5.932 (Executable?) / Expected on port 1194][PLAIN TEXT (qIasglO)][Plen Bins: 0,0,49,16,3,3,0,0,3,0,6,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,6,3,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.12.156:37383 <-> 217.138.197.43:1234 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 4][cat: VPN/2][7 pkts/1911 bytes <-> 8 pkts/6051 bytes][Goodput ratio: 85/94][0.06 sec][bytes ratio: -0.520 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/8 36/37 14/14][Pkt Len c2s/s2c min/avg/max/stddev: 128/136 273/756 782/1158 228/451][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,13,34,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.156:37383 <-> 217.138.197.43:1234 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 4][cat: VPN/2][7 pkts/1911 bytes <-> 8 pkts/6051 bytes][Goodput ratio: 85/94][0.06 sec][bytes ratio: -0.520 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/8 36/37 14/14][Pkt Len c2s/s2c min/avg/max/stddev: 128/136 273/756 782/1158 228/451][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1194][Plen Bins: 0,0,13,34,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 69.197.143.179:443 -> 10.0.2.15:60201 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VPN/2][11 pkts/6593 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][2.33 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 259/0 1305/0 430/0][Pkt Len c2s/s2c min/avg/max/stddev: 64/0 599/0 1268/0 521/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Expected on port 1194][PLAIN TEXT (RDNTzW)][Plen Bins: 27,0,9,0,0,0,9,0,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,9,0,0,0,0,0,0,0,0,0]
10 UDP 192.168.75.18:60201 -> 166.161.181.18:443 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VPN/2][10 pkts/3335 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][0.31 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/0 152/0 62/0][Pkt Len c2s/s2c min/avg/max/stddev: 56/0 334/0 1242/0 458/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 1194][Plen Bins: 60,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/opera-vpn.pcapng.out b/tests/cfgs/default/result/opera-vpn.pcapng.out
index efefdbecd..392a72bd8 100644
--- a/tests/cfgs/default/result/opera-vpn.pcapng.out
+++ b/tests/cfgs/default/result/opera-vpn.pcapng.out
@@ -95,4 +95,4 @@ JA3 Host Stats:
59 TCP 192.168.1.29:51405 <-> 77.111.247.69:443 [proto: 91.339/TLS.OperaVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][17 pkts/3753 bytes <-> 17 pkts/6564 bytes][Goodput ratio: 70/83][3.18 sec][Hostname/SNI: eu0.sec-tunnel.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/8 35/28 14/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 221/386 1491/1506 359/479][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.3][JA3C: 44f9748950032beeac19dc7e2f233d77][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,6,0,0,6,0,0,0,0,0,6,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,6,6,0,0]
60 TCP 192.168.1.29:51452 <-> 77.111.247.69:443 [proto: 91.339/TLS.OperaVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][19 pkts/4568 bytes <-> 18 pkts/5685 bytes][Goodput ratio: 72/79][0.22 sec][Hostname/SNI: eu0.sec-tunnel.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.109 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/9 33/68 12/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 240/316 1483/1506 346/442][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.3][JA3C: 21da300403df11ae32db088408a85dc4][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,19,19,5,0,0,0,0,5,0,0,0,0,0,5,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,5,5,0,0]
61 TCP 192.168.1.29:51466 <-> 77.111.247.69:443 [proto: 91.339/TLS.OperaVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][7 pkts/2470 bytes <-> 4 pkts/2788 bytes][Goodput ratio: 81/90][0.06 sec][Hostname/SNI: eu0.sec-tunnel.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/10 29/28 14/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 353/697 1481/1506 492/640][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.3][JA3C: d47894a5f64c516049e142a21f8c9ce3][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,20,20,0,0]
- 62 TCP 192.168.1.29:51457 <-> 77.111.247.69:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_65535_d29295416479/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 62 TCP 192.168.1.29:51457 <-> 77.111.247.69:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_65535_d29295416479/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
index 79ddd08a6..4fa9e5a78 100644
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
@@ -32,7 +32,7 @@ WireGuard 4 592 2
Acceptable 101 35154 8
- 1 TCP 192.168.0.1:8787 <-> 10.10.10.1:32177 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: RemoteAccess/12][25 pkts/14755 bytes <-> 34 pkts/16693 bytes][Goodput ratio: 90/89][2.12 sec][bytes ratio: -0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/59 277/257 105/90][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 590/491 1514/1514 585/593][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (XDsiBZ)][Plen Bins: 0,19,2,5,2,0,0,0,0,0,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,15,5,0,2,2,2,0,0,0,0,0,0,29,0,0]
+ 1 TCP 192.168.0.1:8787 <-> 10.10.10.1:32177 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: RemoteAccess/12][25 pkts/14755 bytes <-> 34 pkts/16693 bytes][Goodput ratio: 90/89][2.12 sec][bytes ratio: -0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/59 277/257 105/90][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 590/491 1514/1514 585/593][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 5938][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (XDsiBZ)][Plen Bins: 0,19,2,5,2,0,0,0,0,0,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,15,5,0,2,2,2,0,0,0,0,0,0,29,0,0]
2 TCP 172.16.20.244:59038 <-> 172.16.20.75:5432 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Database/11][6 pkts/416 bytes <-> 4 pkts/273 bytes][Goodput ratio: 2/0][0.02 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 17/18 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 69/68 78/74 5/3][TCP Fingerprint: 194_64_65535_d29295416479/macOS][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 127.0.0.1:54898 <-> 127.0.0.1:1299 [proto: 101/TruPhone][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VoIP/10][5 pkts/457 bytes <-> 3 pkts/206 bytes][Goodput ratio: 26/0][8.94 sec][bytes ratio: 0.379 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7477 2235/7477 7477/7477 3085/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/69 185/74 47/4][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (stream)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 127.0.0.1:55536 <-> 127.0.0.1:1299 [proto: 101/TruPhone][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: VoIP/10][5 pkts/457 bytes <-> 3 pkts/206 bytes][Goodput ratio: 26/0][20.44 sec][bytes ratio: 0.379 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6290 5110/6290 14151/6290 5817/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/69 185/74 47/4][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (stream)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/path_of_exile.pcapng.out b/tests/cfgs/default/result/path_of_exile.pcapng.out
index dde7bcc32..fab100483 100644
--- a/tests/cfgs/default/result/path_of_exile.pcapng.out
+++ b/tests/cfgs/default/result/path_of_exile.pcapng.out
@@ -24,4 +24,4 @@ PathofExile 4 311 1
Fun 4 311 1
- 1 TCP 192.168.88.231:36262 <-> 198.50.120.150:6112 [proto: 403/PathofExile][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][3 pkts/237 bytes <-> 1 pkts/74 bytes][Goodput ratio: 13/0][0.14 sec][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.88.231:36262 <-> 198.50.120.150:6112 [proto: 403/PathofExile][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][3 pkts/237 bytes <-> 1 pkts/74 bytes][Goodput ratio: 13/0][0.14 sec][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/pgsql2.pcapng.out b/tests/cfgs/default/result/pgsql2.pcapng.out
index 737f50ff2..1ed44dc28 100644
--- a/tests/cfgs/default/result/pgsql2.pcapng.out
+++ b/tests/cfgs/default/result/pgsql2.pcapng.out
@@ -24,4 +24,4 @@ PostgreSQL 19 3076 1
Acceptable 19 3076 1
- 1 TCP 10.220.20.67:58574 <-> 10.220.20.67:60102 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Database/11][10 pkts/1252 bytes <-> 9 pkts/1824 bytes][Goodput ratio: 64/78][0.01 sec][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 2/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 44/44 125/203 372/1360 119/410][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_65535_7eab44e4c8df/Unknown][Plen Bins: 25,0,12,25,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0]
+ 1 TCP 10.220.20.67:58574 <-> 10.220.20.67:60102 [proto: 19/PostgreSQL][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Database/11][10 pkts/1252 bytes <-> 9 pkts/1824 bytes][Goodput ratio: 64/78][0.01 sec][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 2/2 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 44/44 125/203 372/1360 119/410][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 5432][TCP Fingerprint: 2_128_65535_7eab44e4c8df/Unknown][Plen Bins: 25,0,12,25,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/profinet-io-le.pcap.out b/tests/cfgs/default/result/profinet-io-le.pcap.out
index fd8e02a2a..9330ce68c 100644
--- a/tests/cfgs/default/result/profinet-io-le.pcap.out
+++ b/tests/cfgs/default/result/profinet-io-le.pcap.out
@@ -24,4 +24,4 @@ PROFINET_IO 2 516 1
Acceptable 2 516 1
- 1 UDP 10.10.0.150:1566 <-> 10.10.0.129:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/206 bytes <-> 1 pkts/310 bytes][Goodput ratio: 79/86][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 10.10.0.150:1566 <-> 10.10.0.129:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/206 bytes <-> 1 pkts/310 bytes][Goodput ratio: 79/86][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 135][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/quic-33.pcapng.out b/tests/cfgs/default/result/quic-33.pcapng.out
index 301a7d882..bfe8b278a 100644
--- a/tests/cfgs/default/result/quic-33.pcapng.out
+++ b/tests/cfgs/default/result/quic-33.pcapng.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 ::1 1
- 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/1618 bytes <-> 4 pkts/3718 bytes][Goodput ratio: 88/93][0.00 sec][(Advertised) ALPNs: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/0 3/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 115/117 539/930 1294/1502 535/533][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / SNI should always be present / h3-33][TLSv1.3][QUIC ver: V-1][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][PLAIN TEXT (NLZzZw)][Plen Bins: 0,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,14,0,0]
+ 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/1618 bytes <-> 4 pkts/3718 bytes][Goodput ratio: 88/93][0.00 sec][(Advertised) ALPNs: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/0 3/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 115/117 539/930 1294/1502 535/533][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / SNI should always be present / h3-33 / Expected on port 443][TLSv1.3][QUIC ver: V-1][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][PLAIN TEXT (NLZzZw)][Plen Bins: 0,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,14,0,0]
diff --git a/tests/cfgs/default/result/quic-34.pcap.out b/tests/cfgs/default/result/quic-34.pcap.out
index 927591cee..a708246a6 100644
--- a/tests/cfgs/default/result/quic-34.pcap.out
+++ b/tests/cfgs/default/result/quic-34.pcap.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 192.168.56.1 1
- 1 UDP 192.168.56.1:55880 <-> 192.168.56.198:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes <-> 3 pkts/3542 bytes][Goodput ratio: 97/96][0.00 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / SNI should always be present / h3-34][TLSv1.3][QUIC ver: Draft-34][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,25,0,0]
+ 1 UDP 192.168.56.1:55880 <-> 192.168.56.198:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes <-> 3 pkts/3542 bytes][Goodput ratio: 97/96][0.00 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / SNI should always be present / h3-34 / Expected on port 443][TLSv1.3][QUIC ver: Draft-34][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,25,0,0]
diff --git a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out
index 132150caa..28cb81fd8 100644
--- a/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out
+++ b/tests/cfgs/default/result/quic-forcing-vn-with-data.pcapng.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 192.168.56.103 1
- 1 UDP 192.168.56.103:55523 <-> 192.168.56.104:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 3][cat: Web/5][13 pkts/6012 bytes <-> 8 pkts/3027 bytes][Goodput ratio: 91/89][0.01 sec][(Advertised) ALPNs: h3;h3-29;h3-28;h3-27;hq-interop;hq-29;hq-28;hq-27;http/0.9][TLS Supported Versions: TLSv1.3][bytes ratio: 0.330 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 85/86 462/378 1242/1242 522/371][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h3][TLSv1.3][QUIC ver: V-1][JA3C: 86871fd0d48de0c82beec154cd3f1744][JA4: q13d0307h3_55b375c5d22e_f0736a66fa6b][PLAIN TEXT (quiche)][Plen Bins: 0,44,4,9,0,0,4,0,4,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.56.103:55523 <-> 192.168.56.104:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 3][cat: Web/5][13 pkts/6012 bytes <-> 8 pkts/3027 bytes][Goodput ratio: 91/89][0.01 sec][(Advertised) ALPNs: h3;h3-29;h3-28;h3-27;hq-interop;hq-29;hq-28;hq-27;http/0.9][TLS Supported Versions: TLSv1.3][bytes ratio: 0.330 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 85/86 462/378 1242/1242 522/371][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: Expected on port 443 / SNI should always be present / h3][TLSv1.3][QUIC ver: V-1][JA3C: 86871fd0d48de0c82beec154cd3f1744][JA4: q13d0307h3_55b375c5d22e_f0736a66fa6b][PLAIN TEXT (quiche)][Plen Bins: 0,44,4,9,0,0,4,0,4,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out
index 066720ac0..0b8f8794e 100644
--- a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out
+++ b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out
@@ -24,4 +24,4 @@ QUIC 1 1280 1
Acceptable 1 1280 1
- 1 UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: SNI should be present all time: attack ?][QUIC ver: Q024][PLAIN TEXT ( )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 1 UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: SNI should be present all time: attack ? / Expected on port 443][QUIC ver: Q024][PLAIN TEXT ( )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/quic-v2.pcapng.out b/tests/cfgs/default/result/quic-v2.pcapng.out
index 4a4391c94..69866e72c 100644
--- a/tests/cfgs/default/result/quic-v2.pcapng.out
+++ b/tests/cfgs/default/result/quic-v2.pcapng.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 ::1 1
- 1 UDP [::1]:42086 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][8 pkts/2734 bytes <-> 11 pkts/10236 bytes][Goodput ratio: 81/93][0.54 sec][Hostname/SNI: test][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 90/44 251/100 114/43][Pkt Len c2s/s2c min/avg/max/stddev: 119/119 342/931 1296/2098 370/669][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: V-2][JA3C: 5e685944fc983af5eabcc813add3dca1][JA4: q13d0310h0_55b375c5d22e_0a3b52e28cea][Plen Bins: 0,26,0,0,5,15,0,0,0,5,0,0,0,10,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,21,0,5]
+ 1 UDP [::1]:42086 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][8 pkts/2734 bytes <-> 11 pkts/10236 bytes][Goodput ratio: 81/93][0.54 sec][Hostname/SNI: test][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 90/44 251/100 114/43][Pkt Len c2s/s2c min/avg/max/stddev: 119/119 342/931 1296/2098 370/669][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][TLSv1.3][QUIC ver: V-2][JA3C: 5e685944fc983af5eabcc813add3dca1][JA4: q13d0310h0_55b375c5d22e_0a3b52e28cea][Plen Bins: 0,26,0,0,5,15,0,0,0,5,0,0,0,10,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,21,0,5]
diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out
index 9c025cc28..887d7364c 100644
--- a/tests/cfgs/default/result/quic.pcap.out
+++ b/tests/cfgs/default/result/quic.pcap.out
@@ -33,7 +33,7 @@ Fun 85 76193 5
1 UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.122/QUIC.GMail, Confidence: DPI][DPI packets: 1][cat: Email/3][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Goodput ratio: 72/95][37.93 sec][Hostname/SNI: mail.google.com][bytes ratio: -0.812 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 303/161 21144/21225 1960/1485][Pkt Len c2s/s2c min/avg/max/stddev: 67/61 149/916 1392/1392 207/581][User-Agent: beta Chrome/43.0.2357.45][QUIC ver: Q024][PLAIN TEXT (mail.google.com)][Plen Bins: 4,37,1,5,3,0,3,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0]
2 UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Goodput ratio: 80/97][1.00 sec][Hostname/SNI: www.youtube.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 52/26 803/828 183/134][Pkt Len c2s/s2c min/avg/max/stddev: 79/61 211/1208 1392/1392 358/430][User-Agent: Chrome/50.0.2661.102 Linux x86_64][QUIC ver: Q030][PLAIN TEXT (www.youtube.com)][Plen Bins: 1,35,1,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,57,0,0,0,0,0]
- 3 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][6 pkts/7072 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][4.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 800/0 1749/0 595/0][Pkt Len c2s/s2c min/avg/max/stddev: 112/0 1179/0 1392/0 477/0][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / SNI should be present all time: attack ?][QUIC ver: Q033][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0]
+ 3 UDP 10.0.0.4:40134 -> 10.0.0.3:6121 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][6 pkts/7072 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][4.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 800/0 1749/0 595/0][Pkt Len c2s/s2c min/avg/max/stddev: 112/0 1179/0 1392/0 477/0][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / SNI should be present all time: attack ? / Expected on port 443][QUIC ver: Q033][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0]
4 UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][4 pkts/3682 bytes <-> 3 pkts/2863 bytes][Goodput ratio: 95/96][0.10 sec][Hostname/SNI: www.youtube.com][bytes ratio: 0.125 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 22/20 33/10 52/20 13/10][Pkt Len c2s/s2c min/avg/max/stddev: 82/79 920/954 1392/1392 538/619][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (www.youtube.com)][Plen Bins: 0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0]
5 UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/2866 bytes <-> 3 pkts/2863 bytes][Goodput ratio: 96/96][0.10 sec][Hostname/SNI: fonts.gstatic.com][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/21 50/10 74/21 24/10][Pkt Len c2s/s2c min/avg/max/stddev: 82/79 955/954 1392/1392 618/619][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (fonts.gstatic.com)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0]
6 UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][2 pkts/2784 bytes <-> 2 pkts/2784 bytes][Goodput ratio: 97/97][0.09 sec][Hostname/SNI: s.ytimg.com][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (s.ytimg.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out
index 2c1602ded..d0eb13748 100644
--- a/tests/cfgs/default/result/quic_0RTT.pcap.out
+++ b/tests/cfgs/default/result/quic_0RTT.pcap.out
@@ -32,4 +32,4 @@ JA3 Host Stats:
1 UDP 192.168.2.100:51972 <-> 142.250.181.227:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 3][cat: Web/5][7 pkts/2168 bytes <-> 8 pkts/3010 bytes][Goodput ratio: 86/89][0.23 sec][Hostname/SNI: ssl.gstatic.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/10 121/30 45/14][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 310/376 1292/1292 416/426][TLSv1.3][QUIC ver: V-1][JA3C: 06b6b2a2cba0b7deeaaa6a3d8374d627][JA4: q13d0312h0_55b375c5d22e_73e2d9e6cde6][Plen Bins: 26,20,20,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0]
- 2 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][Hostname/SNI: abcd][(Advertised) ALPNs: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-28][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][JA4: q00d0310h3_55b375c5d22e_060ec1c6a056][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+ 2 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][Hostname/SNI: abcd][(Advertised) ALPNs: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][TLSv1.3][QUIC ver: Draft-28][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][JA4: q00d0310h3_55b375c5d22e_060ec1c6a056][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out
index 2e0b6c280..7e8ee9135 100644
--- a/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/tests/cfgs/default/result/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 ::1 1
- 1 UDP [::1]:58822 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/1410 bytes][Goodput ratio: 95/91][0.01 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / SNI should always be present / h3-34][TLSv1.3][QUIC ver: V-1][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0]
+ 1 UDP [::1]:58822 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/1410 bytes][Goodput ratio: 95/91][0.01 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: No server to client traffic / Expected on port 443 / SNI should always be present / h3-34][TLSv1.3][QUIC ver: V-1][JA3C: 0299b052ace53a14c3a04aceb5efd247][JA4: q00d0307h3_55b375c5d22e_af0a630e9e67][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/quic_interop_V.pcapng.out b/tests/cfgs/default/result/quic_interop_V.pcapng.out
index f84b80d49..2d214f2b7 100644
--- a/tests/cfgs/default/result/quic_interop_V.pcapng.out
+++ b/tests/cfgs/default/result/quic_interop_V.pcapng.out
@@ -29,72 +29,72 @@ Acceptable 246 242924 77
1 UDP 192.168.1.128:34511 -> 131.159.24.198:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1419/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (SezYZO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
2 UDP 192.168.1.128:37643 -> 71.202.41.169:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 243/0 1426/0 4801/0 1546/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (tIABbj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.1.128:42468 -> 138.91.188.147:4433 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1425/0 4800/0 1548/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.1.128:42468 -> 138.91.188.147:4433 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1425/0 4800/0 1548/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
4 UDP 192.168.1.128:46334 -> 40.112.191.60:443 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 241/0 1426/0 4801/0 1545/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
5 UDP 192.168.1.128:49658 -> 193.190.10.98:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.96 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 6 UDP 192.168.1.128:50705 -> 138.91.188.147:4434 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.86 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1409/0 4800/0 1558/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.1.128:53402 -> 3.121.242.54:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.1.128:59171 -> 193.190.10.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1420/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 9 UDP 192.168.1.128:59515 -> 193.190.10.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.84 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1406/0 4800/0 1560/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 10 UDP 192.168.1.128:60784 -> 3.121.242.54:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1424/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 11 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:32957 -> [2606:4700:10::6816:826]:4433 [proto: 188/QUIC][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1427/0 4800/0 1547/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (uhbU.2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
- 12 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:41857 -> [2606:4700:10::6816:826]:4434 [proto: 188/QUIC][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.86 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 151/0 1408/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+ 6 UDP 192.168.1.128:50705 -> 138.91.188.147:4434 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.86 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1409/0 4800/0 1558/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.1.128:53402 -> 3.121.242.54:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.1.128:59171 -> 193.190.10.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1420/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 9 UDP 192.168.1.128:59515 -> 193.190.10.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.84 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1406/0 4800/0 1560/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 10 UDP 192.168.1.128:60784 -> 3.121.242.54:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1424/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 11 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:32957 -> [2606:4700:10::6816:826]:4433 [proto: 188/QUIC][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1427/0 4800/0 1547/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][PLAIN TEXT (uhbU.2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+ 12 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:41857 -> [2606:4700:10::6816:826]:4434 [proto: 188/QUIC][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.86 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 151/0 1408/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
13 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46242 -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.85 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1407/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (QQ/o746)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
14 ICMPV6 [2400:8902::f03c:91ff:fe69:a454]:0 <-> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/2588 bytes <-> 2 pkts/290 bytes][Goodput ratio: 95/57][0.32 sec][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 15 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44924 <-> [2400:8902::f03c:91ff:fe69:a454]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.38 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 16 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56213 <-> [2400:8902::f03c:91ff:fe69:a454]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.42 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 15 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44924 <-> [2400:8902::f03c:91ff:fe69:a454]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.38 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 16 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56213 <-> [2400:8902::f03c:91ff:fe69:a454]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.42 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
17 UDP 192.168.1.128:39975 <-> 138.91.188.147:443 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/170 bytes][Goodput ratio: 97/50][0.33 sec][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
- 18 UDP 192.168.1.128:35263 <-> 202.238.220.92:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
+ 18 UDP 192.168.1.128:35263 <-> 202.238.220.92:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
19 UDP 192.168.1.128:38933 <-> 202.238.220.92:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
- 20 UDP 192.168.1.128:46576 <-> 40.112.191.60:4433 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.33 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
- 21 UDP 192.168.1.128:53791 <-> 40.112.191.60:4434 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.34 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
+ 20 UDP 192.168.1.128:46576 <-> 40.112.191.60:4433 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.33 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
+ 21 UDP 192.168.1.128:53791 <-> 40.112.191.60:4434 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.34 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
22 UDP 192.168.1.128:37784 <-> 140.227.52.92:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
23 UDP 192.168.1.128:42456 <-> 133.242.206.244:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.45 sec][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
- 24 UDP 192.168.1.128:44619 <-> 140.227.52.92:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (GypODF)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
- 25 UDP 192.168.1.128:45855 <-> 133.242.206.244:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.46 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
- 26 UDP 192.168.1.128:57926 <-> 140.227.52.92:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.43 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
- 27 UDP 192.168.1.128:37661 -> 71.202.41.169:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 28 UDP 192.168.1.128:38366 -> 202.238.220.92:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 29 UDP 192.168.1.128:49151 -> 133.242.206.244:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.18 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 30 UDP 192.168.1.128:50289 -> 71.202.41.169:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (dCEQah)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 24 UDP 192.168.1.128:44619 <-> 140.227.52.92:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][PLAIN TEXT (GypODF)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
+ 25 UDP 192.168.1.128:45855 <-> 133.242.206.244:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.46 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
+ 26 UDP 192.168.1.128:57926 <-> 140.227.52.92:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.43 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
+ 27 UDP 192.168.1.128:37661 -> 71.202.41.169:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 28 UDP 192.168.1.128:38366 -> 202.238.220.92:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 29 UDP 192.168.1.128:49151 -> 133.242.206.244:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.18 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 30 UDP 192.168.1.128:50289 -> 71.202.41.169:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][PLAIN TEXT (dCEQah)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
31 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38077 -> [2400:8902::f03c:91ff:fe69:a454]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.15 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
32 ICMPV6 [2001:19f0:4:34::1]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
33 ICMPV6 [2001:19f0:5:c21:5400:1ff:fe33:3b96]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.17 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
34 ICMP 51.158.105.98:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.20 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 7.655 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 35 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38394 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.14 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 36 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52080 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 38 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53760 <-> [2604:a880:800:a1::1279:3001]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 35 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38394 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.14 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 36 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52080 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 38 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53760 <-> [2604:a880:800:a1::1279:3001]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
39 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:48707 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][QUIC ver: Ver-Negotiation][PLAIN TEXT (BykFtI)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 40 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52271 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 41 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60983 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 42 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:35643 <-> [2001:19f0:4:34::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 40 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52271 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 41 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60983 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 42 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:35643 <-> [2001:19f0:4:34::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
43 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:37876 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 44 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39945 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 45 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44605 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 46 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:45852 <-> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 44 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39945 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 45 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44605 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 46 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:45852 <-> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
47 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46353 <-> [2606:4700:10::6816:826]:443 [proto: 188/QUIC][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.02 sec][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 48 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49788 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 49 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53140 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 50 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49270 <-> [2001:bc8:47a4:1c25::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.04 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 51 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51185 <-> [2001:bc8:47a4:1c25::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 48 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49788 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 49 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53140 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 50 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49270 <-> [2001:bc8:47a4:1c25::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.04 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
+ 51 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51185 <-> [2001:bc8:47a4:1c25::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
52 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60346 <-> [2001:bc8:47a4:1c25::1]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
53 ICMP 202.238.220.92:0 <-> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/194 bytes][Goodput ratio: 93/56][0.28 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 7.598 (Encrypted or Random?)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
54 UDP 192.168.1.128:34903 <-> 18.189.84.245:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/77 bytes][Goodput ratio: 97/45][0.13 sec][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
- 55 UDP 192.168.1.128:43475 <-> 18.189.84.245:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/73 bytes][Goodput ratio: 97/42][0.12 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
+ 55 UDP 192.168.1.128:43475 <-> 18.189.84.245:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/73 bytes][Goodput ratio: 97/42][0.12 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
56 ICMP 133.242.206.244:0 <-> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/178 bytes][Goodput ratio: 93/53][0.22 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 7.612 (Encrypted or Random?)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 57 UDP 192.168.1.128:41587 -> 131.159.24.198:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 58 UDP 192.168.1.128:43735 -> 51.158.105.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 59 UDP 192.168.1.128:45250 -> 51.158.105.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 57 UDP 192.168.1.128:41587 -> 131.159.24.198:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 58 UDP 192.168.1.128:43735 -> 51.158.105.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 59 UDP 192.168.1.128:45250 -> 51.158.105.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
60 UDP 192.168.1.128:47010 -> 3.121.242.54:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 61 UDP 192.168.1.128:48644 -> 131.159.24.198:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 61 UDP 192.168.1.128:48644 -> 131.159.24.198:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
62 UDP 192.168.1.128:51887 -> 51.158.105.98:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
- 63 UDP 192.168.1.128:54570 -> 18.189.84.245:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+ 63 UDP 192.168.1.128:54570 -> 18.189.84.245:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
64 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:34442 -> [2001:4800:7817:101:be76:4eff:fe04:631d]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
- 65 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38689 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+ 65 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38689 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
66 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39624 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
67 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:43645 -> [2001:19f0:4:34::1]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
- 68 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44243 -> [2001:19f0:4:34::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+ 68 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44243 -> [2001:19f0:4:34::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
69 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56073 -> [2604:a880:800:a1::1279:3001]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
70 ICMPV6 [2604:a880:800:a1::1279:3001]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
71 ICMPV6 [2001:4800:7817:101:be76:4eff:fe04:631d]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/reddit.pcap.out b/tests/cfgs/default/result/reddit.pcap.out
index 4dbb2ea84..6c624c302 100644
--- a/tests/cfgs/default/result/reddit.pcap.out
+++ b/tests/cfgs/default/result/reddit.pcap.out
@@ -101,4 +101,4 @@ JA3 Host Stats:
57 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56586 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 54/43 23/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
58 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56588 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 53/42 22/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
59 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47302 <-> [2a00:1450:4007:80c::2003]:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][10 pkts/1923 bytes <-> 5 pkts/3123 bytes][Goodput ratio: 55/86][0.13 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/18 73/65 26/27][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 192/625 603/1294 163/555][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,37,0,0,0,0,0,12,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]
- 60 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36972 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/168 bytes <-> 1 pkts/94 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 60 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36972 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/168 bytes <-> 1 pkts/94 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/rtmp.pcap.out b/tests/cfgs/default/result/rtmp.pcap.out
index d7f61d5d0..fa96e39b4 100644
--- a/tests/cfgs/default/result/rtmp.pcap.out
+++ b/tests/cfgs/default/result/rtmp.pcap.out
@@ -24,6 +24,6 @@ RTMP 60 25463 3
Acceptable 60 25463 3
- 1 TCP 10.140.74.206:59509 <-> 193.118.47.46:6002 [VLAN: 113][proto: GTP:174/RTMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Media/1][8 pkts/4268 bytes <-> 9 pkts/4410 bytes][Goodput ratio: 79/77][2.62 sec][bytes ratio: -0.016 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 331/225 819/1319 326/455][Pkt Len c2s/s2c min/avg/max/stddev: 122/118 534/490 1458/1458 539/530][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (StreamMedia)][Plen Bins: 13,20,6,0,0,13,6,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0]
+ 1 TCP 10.140.74.206:59509 <-> 193.118.47.46:6002 [VLAN: 113][proto: GTP:174/RTMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Media/1][8 pkts/4268 bytes <-> 9 pkts/4410 bytes][Goodput ratio: 79/77][2.62 sec][bytes ratio: -0.016 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 331/225 819/1319 326/455][Pkt Len c2s/s2c min/avg/max/stddev: 122/118 534/490 1458/1458 539/530][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1935][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (StreamMedia)][Plen Bins: 13,20,6,0,0,13,6,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0]
2 TCP 10.140.80.204:49757 <-> 203.205.224.48:1935 [VLAN: 113][proto: GTP:174/RTMP][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 5][cat: Media/1][8 pkts/4155 bytes <-> 9 pkts/4262 bytes][Goodput ratio: 81/79][0.83 sec][bytes ratio: -0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 98/72 177/168 76/54][Pkt Len c2s/s2c min/avg/max/stddev: 110/99 519/474 1458/1458 547/539][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (connect)][Plen Bins: 26,13,0,0,0,13,0,13,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0]
3 TCP 192.168.43.1:1177 <-> 192.168.43.128:1935 [proto: 174/RTMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Media/1][12 pkts/4108 bytes <-> 14 pkts/4260 bytes][Goodput ratio: 84/82][1.04 sec][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 83/75 334/230 119/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 342/304 1514/1514 531/465][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][PLAIN TEXT (ace@nAt)][Plen Bins: 7,21,14,0,7,7,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,21,0,0]
diff --git a/tests/cfgs/default/result/rtp.pcapng.out b/tests/cfgs/default/result/rtp.pcapng.out
index 4aea1a5a6..e9f5f836d 100644
--- a/tests/cfgs/default/result/rtp.pcapng.out
+++ b/tests/cfgs/default/result/rtp.pcapng.out
@@ -30,4 +30,4 @@ Fun 30 16092 1
1 TCP 172.16.168.24:40252 <-> 172.16.168.64:5000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Media/1][19 pkts/21900 bytes <-> 18 pkts/1196 bytes][Goodput ratio: 94/0][85.30 sec][bytes ratio: 0.896 (Upload)][IAT c2s/s2c min/avg/max/stddev: 93/93 5654/6060 82923/82923 20651/21318][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1153/66 1280/74 371/2][TCP Fingerprint: 2_64_5840_1596d0698b3d/Unknown][PLAIN TEXT (QQSPSSV)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.204.220.71:6000 -> 10.204.220.171:6000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][15 pkts/18438 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 25/0 77/0 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1229/0 1486/0 467/0][Plen Bins: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,68,0,0]
3 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/rtps.pcap.out b/tests/cfgs/default/result/rtps.pcap.out
index 395242f34..29e56a5e9 100644
--- a/tests/cfgs/default/result/rtps.pcap.out
+++ b/tests/cfgs/default/result/rtps.pcap.out
@@ -24,4 +24,4 @@ RTPS 29 22382 1
Acceptable 29 22382 1
- 1 UDP 127.0.0.1:28108 -> 127.0.0.1:7410 [proto: 359/RTPS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 359/RTPS, Confidence: DPI][DPI packets: 1][cat: RPC/16][29 pkts/22382 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][490.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1000/0 17655/0 30000/0 13497/0][Pkt Len c2s/s2c min/avg/max/stddev: 58/0 772/0 822/0 185/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (dds.sys)][Plen Bins: 3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 127.0.0.1:28108 -> 127.0.0.1:7410 [proto: 359/RTPS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 359/RTPS, Confidence: DPI][DPI packets: 1][cat: RPC/16][29 pkts/22382 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][490.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1000/0 17655/0 30000/0 13497/0][Pkt Len c2s/s2c min/avg/max/stddev: 58/0 772/0 822/0 185/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 7401][PLAIN TEXT (dds.sys)][Plen Bins: 3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/rtsp.pcap.out b/tests/cfgs/default/result/rtsp.pcap.out
index 368c11406..7596fea3d 100644
--- a/tests/cfgs/default/result/rtsp.pcap.out
+++ b/tests/cfgs/default/result/rtsp.pcap.out
@@ -24,10 +24,10 @@ RTSP 568 100872 7
Fun 568 100872 7
- 1 TCP 10.1.1.10:52478 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 21][cat: Media/1][44 pkts/6374 bytes <-> 60 pkts/11092 bytes][Goodput ratio: 59/68][59.02 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1730/3 58323/42 9852/8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 145/185 257/751 77/190][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 10.1.1.10:52472 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 56 pkts/10878 bytes][Goodput ratio: 62/70][58.23 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1872/2 58022/20 10252/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/194 258/751 77/194][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 10.1.1.10:52480 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 52 pkts/10628 bytes][Goodput ratio: 62/71][59.74 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1921/2 59529/21 10518/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/204 258/751 77/198][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 10.1.1.10:52476 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][44 pkts/5778 bytes <-> 52 pkts/10636 bytes][Goodput ratio: 55/71][7.66 sec][bytes ratio: -0.296 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 63/20 12/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 131/205 258/751 79/198][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,18,18,9,18,0,18,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 TCP 10.1.1.10:52474 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 44 pkts/10152 bytes][Goodput ratio: 62/75][58.31 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1816/2 58099/23 10109/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/231 258/751 77/204][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 TCP 10.1.1.10:52482 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][36 pkts/5294 bytes <-> 48 pkts/10394 bytes][Goodput ratio: 60/73][0.20 sec][bytes ratio: -0.325 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 6/20 1/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 147/217 258/751 79/201][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,18,18,9,18,0,18,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 10.1.1.10:52470 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 50/RTSP, Confidence: DPI][DPI packets: 1][cat: Media/1][4 pkts/820 bytes <-> 8 pkts/484 bytes][Goodput ratio: 73/0][< 1 sec][bytes ratio: 0.258 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 205/56 205/60 205/62 0/3][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (PARAMETER rtsp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 10.1.1.10:52478 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 21][cat: Media/1][44 pkts/6374 bytes <-> 60 pkts/11092 bytes][Goodput ratio: 59/68][59.02 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1730/3 58323/42 9852/8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 145/185 257/751 77/190][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 554][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 10.1.1.10:52472 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 56 pkts/10878 bytes][Goodput ratio: 62/70][58.23 sec][bytes ratio: -0.280 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1872/2 58022/20 10252/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/194 258/751 77/194][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 554][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 10.1.1.10:52480 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 52 pkts/10628 bytes][Goodput ratio: 62/71][59.74 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1921/2 59529/21 10518/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/204 258/751 77/198][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 554][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 10.1.1.10:52476 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][44 pkts/5778 bytes <-> 52 pkts/10636 bytes][Goodput ratio: 55/71][7.66 sec][bytes ratio: -0.296 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 63/20 12/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 131/205 258/751 79/198][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 554][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,18,18,9,18,0,18,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 10.1.1.10:52474 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][40 pkts/6114 bytes <-> 44 pkts/10152 bytes][Goodput ratio: 62/75][58.31 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1816/2 58099/23 10109/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 153/231 258/751 77/204][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 554][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,16,25,8,16,0,16,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 10.1.1.10:52482 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Media/1][36 pkts/5294 bytes <-> 48 pkts/10394 bytes][Goodput ratio: 60/73][0.20 sec][bytes ratio: -0.325 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 6/20 1/6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 147/217 258/751 79/201][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 554][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (OPTIONS rtsp)][Plen Bins: 0,0,0,18,18,9,18,0,18,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 10.1.1.10:52470 <-> 10.2.2.2:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 50/RTSP, Confidence: DPI][DPI packets: 1][cat: Media/1][4 pkts/820 bytes <-> 8 pkts/484 bytes][Goodput ratio: 73/0][< 1 sec][bytes ratio: 0.258 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 205/56 205/60 205/62 0/3][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 554][PLAIN TEXT (PARAMETER rtsp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/rtsp_setup_http.pcapng.out b/tests/cfgs/default/result/rtsp_setup_http.pcapng.out
index 0836da769..66196f4ea 100644
--- a/tests/cfgs/default/result/rtsp_setup_http.pcapng.out
+++ b/tests/cfgs/default/result/rtsp_setup_http.pcapng.out
@@ -24,4 +24,4 @@ RTSP 1 233 1
Fun 1 233 1
- 1 TCP 172.28.5.170:63840 -> 172.28.4.26:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 50/RTSP, Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (SETUP rtsp)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 172.28.5.170:63840 -> 172.28.4.26:8554 [proto: 50/RTSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 50/RTSP, Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][User-Agent: LibVLC/3.0.16 (LIVE555 Streaming Media v2016.11.28)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 554][PLAIN TEXT (SETUP rtsp)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/selfsigned.pcap.out b/tests/cfgs/default/result/selfsigned.pcap.out
index a3f705080..9ec986cba 100644
--- a/tests/cfgs/default/result/selfsigned.pcap.out
+++ b/tests/cfgs/default/result/selfsigned.pcap.out
@@ -29,4 +29,4 @@ JA3 Host Stats:
1 127.0.0.1 1
- 1 TCP 127.0.0.1:51607 <-> 127.0.0.1:3001 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Network/14][10 pkts/1421 bytes <-> 10 pkts/2345 bytes][Goodput ratio: 60/76][0.05 sec][Hostname/SNI: localhost][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.245 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/7 32/32 10/11][Pkt Len c2s/s2c min/avg/max/stddev: 56/44 142/234 573/1413 156/408][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **][Risk Score: 250][Risk Info: 10/Oct/2015 15:55:47 - 09/Oct/2016 15:55:47 / C=IT, ST=Some-State, O=ntop.org][TCP Fingerprint: 2_64_65535_73816777065d/Unknown][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][JA4: t12d6707h2_2955a3196ffa_c83f907a73d3][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=IT, ST=Some-State, O=ntop.org][Subject: C=IT, ST=Some-State, O=ntop.org][Certificate SHA-1: AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B][Firefox][Validity: 2015-10-10 15:55:47 - 2016-10-09 15:55:47][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 14,14,0,14,0,0,14,0,0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0]
+ 1 TCP 127.0.0.1:51607 <-> 127.0.0.1:3001 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Network/14][10 pkts/1421 bytes <-> 10 pkts/2345 bytes][Goodput ratio: 60/76][0.05 sec][Hostname/SNI: localhost][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.245 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/7 32/32 10/11][Pkt Len c2s/s2c min/avg/max/stddev: 56/44 142/234 573/1413 156/408][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **][Risk Score: 250][Risk Info: Expected on port 443 / 10/Oct/2015 15:55:47 - 09/Oct/2016 15:55:47 / C=IT, ST=Some-State, O=ntop.org][TCP Fingerprint: 2_64_65535_73816777065d/Unknown][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][JA4: t12d6707h2_2955a3196ffa_c83f907a73d3][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=IT, ST=Some-State, O=ntop.org][Subject: C=IT, ST=Some-State, O=ntop.org][Certificate SHA-1: AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B][Firefox][Validity: 2015-10-10 15:55:47 - 2016-10-09 15:55:47][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 14,14,0,14,0,0,14,0,0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/signal_audiocall.pcapng.out b/tests/cfgs/default/result/signal_audiocall.pcapng.out
new file mode 100644
index 000000000..173b9d892
--- /dev/null
+++ b/tests/cfgs/default/result/signal_audiocall.pcapng.out
@@ -0,0 +1,31 @@
+DPI Packets (UDP): 28 (7.00 pkts/flow)
+Confidence DPI (cache) : 3 (flows)
+Confidence DPI : 1 (flows)
+Num dissector calls: 14 (3.50 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 8/11/3 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 8/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/4 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+SignalVoip 268 50558 4
+
+Acceptable 268 50558 4
+
+ 1 UDP 192.168.12.67:45419 <-> 35.219.226.11:54116 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][91 pkts/20258 bytes <-> 87 pkts/18776 bytes][Goodput ratio: 81/81][16.10 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 185/163 2145/2221 406/335][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 223/216 337/337 105/106][Mapped IP/Port: 93.35.168.30:45251][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (zaziGwgI)][Plen Bins: 6,15,11,11,0,0,0,0,46,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:45419 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][29 pkts/3570 bytes <-> 29 pkts/4210 bytes][Goodput ratio: 66/71][19.07 sec][Hostname/SNI: signal.org][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 594/604 2518/2516 688/680][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 123/145 182/182 41/34][Mapped IP/Port: 93.35.168.30:45250][Relayed IP/Port: 35.219.252.146:22269][PLAIN TEXT (BDIbPI2)][Plen Bins: 17,8,15,32,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:45419 <-> 35.219.226.11:12261 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][11 pkts/1238 bytes <-> 11 pkts/1454 bytes][Goodput ratio: 63/68][14.81 sec][bytes ratio: -0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 97/26 1215/1207 2521/2521 1083/1093][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 113/132 146/138 14/12][Mapped IP/Port: 93.35.168.30:45251][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BV39hIkc1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.12.67:45419 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.03 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/8 2504/2504 9975/9975 4313/4313][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45250][Relayed IP/Port: 35.216.234.234:45312][PLAIN TEXT (sWCyiFie)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/signal_videocall.pcapng.out b/tests/cfgs/default/result/signal_videocall.pcapng.out
new file mode 100644
index 000000000..83bc9bf68
--- /dev/null
+++ b/tests/cfgs/default/result/signal_videocall.pcapng.out
@@ -0,0 +1,30 @@
+DPI Packets (UDP): 21 (7.00 pkts/flow)
+Confidence DPI (cache) : 2 (flows)
+Confidence DPI : 1 (flows)
+Num dissector calls: 8 (2.67 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 6/10/2 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 6/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 3/3 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+SignalVoip 334 123259 3
+
+Acceptable 334 123259 3
+
+ 1 UDP 192.168.12.67:47926 <-> 35.219.252.146:56377 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][167 pkts/87565 bytes <-> 131 pkts/31930 bytes][Goodput ratio: 92/83][10.75 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/82 2304/2449 291/279][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 524/244 1223/900 385/198][Mapped IP/Port: 93.35.168.30:45266][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (17uAgN)][Plen Bins: 3,28,9,7,0,0,0,0,16,8,1,0,0,1,1,0,1,1,0,1,0,0,0,0,7,3,0,1,0,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:47926 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1258 bytes <-> 13 pkts/1454 bytes][Goodput ratio: 57/62][10.01 sec][Hostname/SNI: signal.org][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/6 804/804 4015/4015 1248/1248][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 97/112 162/126 43/14][Mapped IP/Port: 93.35.168.30:45265][Relayed IP/Port: 35.219.252.146:40378][PLAIN TEXT (BFODsIPgWuCIX)][Plen Bins: 34,19,30,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:47926 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/4 2503/2503 9988/9988 4321/4321][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45265][Relayed IP/Port: 35.216.234.234:29688][PLAIN TEXT (42oPBlgi)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out
index 59397edf1..690e6c02e 100644
--- a/tests/cfgs/default/result/sites.pcapng.out
+++ b/tests/cfgs/default/result/sites.pcapng.out
@@ -122,14 +122,14 @@ JA3 Host Stats:
26 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48594 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][3 pkts/930 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.04 sec][Hostname/SNI: web.telegram.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 17/18 8/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 750/3710 311/1706][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
27 TCP [2001:b07:a3d:c112:6ea5:ab52:9230:ba5]:35968 <-> [2a04:4e42:c00::347]:443 [proto: 91.412/TLS.Mastodon][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][3 pkts/929 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.01 sec][Hostname/SNI: mastodon.social][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 2/2 2/4 0/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 749/3710 311/1706][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
28 TCP 192.168.1.128:53978 <-> 208.85.40.158:443 [proto: 91.187/TLS.Pandora][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/849 bytes <-> 5 pkts/3932 bytes][Goodput ratio: 76/91][0.68 sec][Hostname/SNI: pandora.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.645 (Download)][IAT c2s/s2c min/avg/max/stddev: 170/0 254/127 339/173 84/73][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/786 583/1514 218/607][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.pandora.com,pandora.com][JA3S: 7047b9d842ee4b3fba6a86353828c915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com][Certificate SHA-1: 40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF][Firefox][Validity: 2021-05-12 00:00:00 - 2022-06-12 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,16,0,0,0,0,0,0,16,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
- 29 TCP 192.168.88.231:49950 <-> 159.153.191.240:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Game/8][5 pkts/807 bytes <-> 5 pkts/3375 bytes][Goodput ratio: 64/91][< 1 sec][Hostname/SNI: accounts.ea.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/36 142/145 70/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/675 571/1384 205/599][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][TLSv1.2][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_24695f2957a7][ServerNames: accounts.ea.com][JA3S: 7b6819ed58e8d8415604b7dfcef92d55 (WEAK)][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com][Certificate SHA-1: 6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D][Firefox][Validity: 2023-04-18 00:00:00 - 2024-05-18 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (3.digicert.com/DigiCertGlobalRo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0]
+ 29 TCP 192.168.88.231:49950 <-> 159.153.191.240:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Game/8][5 pkts/807 bytes <-> 5 pkts/3375 bytes][Goodput ratio: 64/91][< 1 sec][Hostname/SNI: accounts.ea.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/36 142/145 70/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/675 571/1384 205/599][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.2][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_24695f2957a7][ServerNames: accounts.ea.com][JA3S: 7b6819ed58e8d8415604b7dfcef92d55 (WEAK)][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com][Certificate SHA-1: 6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D][Firefox][Validity: 2023-04-18 00:00:00 - 2024-05-18 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (3.digicert.com/DigiCertGlobalRo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0]
30 TCP 192.168.1.245:33212 <-> 15.204.197.32:443 [proto: 91.411/TLS.Bluesky][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: SocialNetwork/6][4 pkts/951 bytes <-> 2 pkts/3036 bytes][Goodput ratio: 71/95][0.19 sec][Hostname/SNI: enoki.us-east.host.bsky.network][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/97 64/97 95/97 44/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 238/1518 745/2962 293/1444][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
31 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48624 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][4 pkts/1011 bytes <-> 3 pkts/2682 bytes][Goodput ratio: 65/90][0.04 sec][Hostname/SNI: telegram.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 12/10 18/20 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 253/894 745/2502 284/1137][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA3C: b5001237acdf006056b409cc433726b0][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
32 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: plus.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: b719940c5ab9a3373cb4475d8143ff88][JA4: q13d0314h0_55b375c5d22e_2d2a40a25571][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
33 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: 2a18e6bf307f97c5e27f0ab407dc65db][JA4: q13d0315h0_55b375c5d22e_9974e4f6be5b][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
34 TCP 192.168.88.171:55280 <-> 124.237.225.21:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Streaming/17][3 pkts/691 bytes <-> 4 pkts/1680 bytes][Goodput ratio: 75/86][< 1 sec][Hostname/SNI: msg.qy.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.417 (Download)][IAT c2s/s2c min/avg/max/stddev: 295/2 296/198 297/297 1/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/420 571/1494 241/620][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA3C: f436b9416f37d134cadd04886327d3e8][JA4: t13d3113h2_e8f1e7e78f70_1b3407e2c936][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
35 TCP 192.168.88.171:55468 <-> 184.86.2.194:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/742 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 76/89][0.05 sec][Hostname/SNI: stc.iqiyipic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.372 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 23/23 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 247/540 622/1494 265/675][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA3C: 2aafde70b049185ef1cca0d7f821a8d7][JA4: t13d1516h2_8daaf6152771_02713d6af862][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
- 36 TCP 192.168.88.231:33920 <-> 185.5.161.203:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][0.08 sec][Hostname/SNI: origin-a.akamaihd.net][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/19 16/24 26/28 10/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][TLSv1.3][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_24695f2957a7][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
+ 36 TCP 192.168.88.231:33920 <-> 185.5.161.203:443 [proto: 91.389/TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][0.08 sec][Hostname/SNI: origin-a.akamaihd.net][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/19 16/24 26/28 10/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.3][JA3C: 57fbe0aefee44901190849b0e877a5e1][JA4: t13d571100_131602cb7446_24695f2957a7][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
37 TCP 192.168.88.171:49217 <-> 54.208.106.218:443 [proto: 91.59/TLS.AdobeConnect][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Video/26][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][0.28 sec][Hostname/SNI: meet27083742.adobeconnect.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 69/70 138/139 69/70][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
38 TCP 192.168.88.171:55272 <-> 116.211.202.129:443 [proto: 91.54/TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][0.59 sec][Hostname/SNI: opportunarch.iqiyi.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/150 288/299 144/150][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA3C: f436b9416f37d134cadd04886327d3e8][JA4: t13d3113h2_e8f1e7e78f70_1b3407e2c936][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
39 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Shopping/27][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
diff --git a/tests/cfgs/default/result/sites2.pcapng.out b/tests/cfgs/default/result/sites2.pcapng.out
index c434eb4af..e36e3dcde 100644
--- a/tests/cfgs/default/result/sites2.pcapng.out
+++ b/tests/cfgs/default/result/sites2.pcapng.out
@@ -1,30 +1,32 @@
-DPI Packets (TCP): 21 (7.00 pkts/flow)
-Confidence DPI : 3 (flows)
-Num dissector calls: 3 (1.00 diss/flow)
+DPI Packets (TCP): 25 (6.25 pkts/flow)
+Confidence DPI : 4 (flows)
+Num dissector calls: 4 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
-LRU cache fpc_dns: 0/3/0 (insert/search/found)
-Automa host: 3/3 (search/found)
-Automa domain: 3/0 (search/found)
+LRU cache fpc_dns: 0/4/0 (insert/search/found)
+Automa host: 4/4 (search/found)
+Automa domain: 4/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
-Automa common alpns: 5/5 (search/found)
+Automa common alpns: 6/6 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
-Patricia protocols: 4/2 (search/found)
+Patricia protocols: 6/2 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Shein 13 5080 1
Temu 20 7323 1
Taobao 15 7085 1
+ParamountPlus 4 797 1
Acceptable 48 19488 3
+Fun 4 797 1
JA3 Host Stats:
IP Address # JA3C
@@ -34,3 +36,4 @@ JA3 Host Stats:
1 TCP 192.168.12.67:47694 <-> 20.15.0.9:443 [proto: 91.435/TLS.Temu][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Shopping/27][10 pkts/1963 bytes <-> 10 pkts/5360 bytes][Goodput ratio: 71/90][0.54 sec][Hostname/SNI: gtm.temu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/49 282/342 86/112][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 196/536 571/1514 206/532][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA3C: 92768199641a57091d8ad9085387a16f][JA4: t13d1712h2_5b57614c22b0_3f5d972527c0][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,0,0,0,25,0,0,0,0,0,0,16,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
2 TCP 192.168.12.67:43446 <-> 59.82.122.224:443 [proto: 91.436/TLS.Taobao][IP: 274/Alibaba][Encrypted][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Shopping/27][9 pkts/2792 bytes <-> 6 pkts/4293 bytes][Goodput ratio: 82/92][0.78 sec][Hostname/SNI: umdc.taobao.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.212 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/64 269/253 125/109][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 310/716 1078/1514 359/618][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA3C: 9b02ebd3a43b62d825e1ac605b621dc8][JA4: t13d1713ht_5b57614c22b0_eca864cca44a][ServerNames: *.alibabachengdun.com,*.alibabachengdun.net,umdc.aliapp.org,*.ynuf.aliapp.org,sgynuf.alibaba.com,pum.m.alibaba.com,ynuf.aliapp.org,mum.hzchengdun.com,mum.m.alibaba.com,umdc.alibaba-inc.com,umidiot.aliapp.org,us-mum.alibabachengdun.com,sg-pum.alibabachengdun.com,sg-pum.alibabachengdun.net,umdc.taobao.com,umdc.tmall.com,alibabachengdun.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alibabachengdun.com][Certificate SHA-1: A4:84:85:BF:7A:3D:54:C0:EE:F2:8B:39:E7:ED:56:FB:74:6B:5E:61][Safari][Validity: 2024-09-11 08:46:01 - 2025-09-04 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
3 TCP 192.168.12.67:46892 <-> 2.23.155.106:443 [proto: 91.434/TLS.Shein][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Shopping/27][7 pkts/1067 bytes <-> 6 pkts/4013 bytes][Goodput ratio: 56/90][0.09 sec][Hostname/SNI: img.shein.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/5 58/19 21/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 152/669 583/1514 178/648][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA3C: f79b6bad2ad0641e1921aef10262856b][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
+ 4 TCP 192.168.12.67:39974 <-> 151.101.1.233:443 [proto: 91.439/TLS.ParamountPlus][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Streaming/17][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.01 sec][Hostname/SNI: vod-gcs-cedexis.cbsaavideo.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA3C: f79b6bad2ad0641e1921aef10262856b][JA4: t13d1513ht_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (cedexis.c)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/skype-conference-call.pcap.out b/tests/cfgs/default/result/skype-conference-call.pcap.out
index d397abd46..ab8eeea11 100644
--- a/tests/cfgs/default/result/skype-conference-call.pcap.out
+++ b/tests/cfgs/default/result/skype-conference-call.pcap.out
@@ -24,4 +24,4 @@ Skype_TeamsCall 200 39687 1
Acceptable 200 39687 1
- 1 UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes][Goodput ratio: 78/81][1.50 sec][bytes ratio: 0.252 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/8 147/120 22/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/77 187/222 957/957 244/233][Mapped IP/Port: 104.46.40.49:60642][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,41,17,28,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes][Goodput ratio: 78/81][1.50 sec][bytes ratio: 0.252 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/8 147/120 22/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/77 187/222 957/957 244/233][Mapped IP/Port: 104.46.40.49:60642][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,41,17,28,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/soap.pcap.out b/tests/cfgs/default/result/soap.pcap.out
index ffe338f74..7bab6ba48 100644
--- a/tests/cfgs/default/result/soap.pcap.out
+++ b/tests/cfgs/default/result/soap.pcap.out
@@ -26,4 +26,4 @@ Acceptable 20 10948 3
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 253/SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RPC/16][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 253/SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RPC/16][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.253/HTTP.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.253/HTTP.SOAP, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
+ 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.253/HTTP.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.253/HTTP.SOAP, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
diff --git a/tests/cfgs/default/result/socks.pcap.out b/tests/cfgs/default/result/socks.pcap.out
index a0c274792..5371c05e5 100644
--- a/tests/cfgs/default/result/socks.pcap.out
+++ b/tests/cfgs/default/result/socks.pcap.out
@@ -24,7 +24,7 @@ SOCKS 60 10559 4
Acceptable 60 10559 4
- 1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
- 2 TCP 10.180.156.185:53534 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/711 bytes <-> 7 pkts/2069 bytes][Goodput ratio: 24/77][0.05 sec][bytes ratio: -0.488 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/12 47/46 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/296 212/1514 47/500][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
- 3 TCP 10.180.156.185:53533 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/695 bytes <-> 6 pkts/2003 bytes][Goodput ratio: 22/80][0.01 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 3/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/334 212/1514 48/530][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
- 4 TCP 10.0.0.1:1637 <-> 10.0.0.2:21477 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][8 pkts/886 bytes <-> 6 pkts/1290 bytes][Goodput ratio: 47/73][117.94 sec][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/356 370/415 644/479 191/50][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 111/215 449/984 128/344][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_128_16384_2564f2bea184/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 67,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
+ 2 TCP 10.180.156.185:53534 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/711 bytes <-> 7 pkts/2069 bytes][Goodput ratio: 24/77][0.05 sec][bytes ratio: -0.488 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/12 47/46 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/296 212/1514 47/500][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
+ 3 TCP 10.180.156.185:53533 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/695 bytes <-> 6 pkts/2003 bytes][Goodput ratio: 22/80][0.01 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 3/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/334 212/1514 48/530][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
+ 4 TCP 10.0.0.1:1637 <-> 10.0.0.2:21477 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][8 pkts/886 bytes <-> 6 pkts/1290 bytes][Goodput ratio: 47/73][117.94 sec][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/356 370/415 644/479 191/50][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 111/215 449/984 128/344][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1080][TCP Fingerprint: 2_128_16384_2564f2bea184/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 67,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/someip-tp.pcap.out b/tests/cfgs/default/result/someip-tp.pcap.out
index e492ebc82..9798af3ac 100644
--- a/tests/cfgs/default/result/someip-tp.pcap.out
+++ b/tests/cfgs/default/result/someip-tp.pcap.out
@@ -24,4 +24,4 @@ SOMEIP 9 12850 1
Acceptable 9 12850 1
- 1 UDP 10.0.1.207:56772 -> 10.0.1.1:18193 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 229/SOMEIP, Confidence: DPI][DPI packets: 1][cat: RPC/16][9 pkts/12850 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 12/0 20/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 1218/0 1428/0 1454/0 74/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (./0123456789)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,88,0,0,0]
+ 1 UDP 10.0.1.207:56772 -> 10.0.1.1:18193 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 229/SOMEIP, Confidence: DPI][DPI packets: 1][cat: RPC/16][9 pkts/12850 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 12/0 20/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 1218/0 1428/0 1454/0 74/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 30491,30501,30490][PLAIN TEXT (./0123456789)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,88,0,0,0]
diff --git a/tests/cfgs/default/result/someip-udp-method-call.pcapng.out b/tests/cfgs/default/result/someip-udp-method-call.pcapng.out
index 62c6907a4..094410fc7 100644
--- a/tests/cfgs/default/result/someip-udp-method-call.pcapng.out
+++ b/tests/cfgs/default/result/someip-udp-method-call.pcapng.out
@@ -24,5 +24,5 @@ SOMEIP 3 504 2
Acceptable 3 504 2
- 1 UDP 192.168.0.1:49190 -> 224.0.0.1:49190 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 229/SOMEIP, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.0.125:49191 <-> 192.168.0.1:49201 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 229/SOMEIP, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/67 bytes <-> 1 pkts/67 bytes][Goodput ratio: 37/37][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.0.1:49190 -> 224.0.0.1:49190 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 229/SOMEIP, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 30491,30501,30490][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.0.125:49191 <-> 192.168.0.1:49201 [proto: 229/SOMEIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 229/SOMEIP, Confidence: DPI][DPI packets: 1][cat: RPC/16][1 pkts/67 bytes <-> 1 pkts/67 bytes][Goodput ratio: 37/37][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 30491,30501,30490][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/sonos.pcapng.out b/tests/cfgs/default/result/sonos.pcapng.out
index 7872e6920..78e61f50c 100644
--- a/tests/cfgs/default/result/sonos.pcapng.out
+++ b/tests/cfgs/default/result/sonos.pcapng.out
@@ -30,5 +30,5 @@ JA3 Host Stats:
1 192.168.1.29 1
- 1 TCP 192.168.1.29:52425 <-> 192.168.1.70:1443 [proto: 91.430/TLS.Sonos][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Music/25][23 pkts/2258 bytes <-> 21 pkts/13801 bytes][Goodput ratio: 32/90][0.09 sec][Hostname/SNI: 192.168.1.70][bytes ratio: -0.719 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 76/36 17/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 98/657 333/1514 74/647][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 260][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_128_GCM_SHA256 / 192.168.1.70 vs sonos-347e5cffa26e.local][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA3C: ae25e09391d7275844ccf16316569582][JA4: t12i130700_88f5d26691c7_cdbdbcd6f742][ServerNames: sonos-347e5cffa26e.local][JA3S: 2fbcb4e196d5bcba6896e593c6016e09 (WEAK)][Issuer: C=US, ST=California, L=Santa Barbara, O=Sonos, Inc, OU=Sonos Devices, CN=Sonos Device Authentication Root CA][Subject: CN=347E5CFFA26E, OU=Sonos Devices, O=Sonos, Inc, L=Santa Barbara, ST=California, C=US][Certificate SHA-1: 48:71:C5:C1:80:17:50:20:E2:25:2E:E3:C3:F9:AE:76:62:1C:26:7E][Firefox][Validity: 2024-01-03 08:21:55 - 2025-01-29 08:20:55][Cipher: TLS_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 20,14,0,0,4,4,0,4,4,0,0,4,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,0]
+ 1 TCP 192.168.1.29:52425 <-> 192.168.1.70:1443 [proto: 91.430/TLS.Sonos][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Music/25][23 pkts/2258 bytes <-> 21 pkts/13801 bytes][Goodput ratio: 32/90][0.09 sec][Hostname/SNI: 192.168.1.70][bytes ratio: -0.719 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 76/36 17/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 98/657 333/1514 74/647][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 260][Risk Info: No ALPN / Expected on port 443 / Cipher TLS_RSA_WITH_AES_128_GCM_SHA256 / 192.168.1.70 vs sonos-347e5cffa26e.local][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA3C: ae25e09391d7275844ccf16316569582][JA4: t12i130700_88f5d26691c7_cdbdbcd6f742][ServerNames: sonos-347e5cffa26e.local][JA3S: 2fbcb4e196d5bcba6896e593c6016e09 (WEAK)][Issuer: C=US, ST=California, L=Santa Barbara, O=Sonos, Inc, OU=Sonos Devices, CN=Sonos Device Authentication Root CA][Subject: CN=347E5CFFA26E, OU=Sonos Devices, O=Sonos, Inc, L=Santa Barbara, ST=California, C=US][Certificate SHA-1: 48:71:C5:C1:80:17:50:20:E2:25:2E:E3:C3:F9:AE:76:62:1C:26:7E][Firefox][Validity: 2024-01-03 08:21:55 - 2025-01-29 08:20:55][Cipher: TLS_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 20,14,0,0,4,4,0,4,4,0,0,4,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,0]
2 UDP 192.168.15.37:44467 -> 192.168.15.36:7080 [proto: 430/Sonos][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 430/Sonos, Confidence: DPI][DPI packets: 1][cat: Music/25][17 pkts/13273 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][12.39 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 690/0 3404/0 969/0][Pkt Len c2s/s2c min/avg/max/stddev: 51/0 781/0 1074/0 453/0][PLAIN TEXT (ESTMUUUUu)][Plen Bins: 23,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/ssh.pcap.out b/tests/cfgs/default/result/ssh.pcap.out
index e48b19600..056ac419b 100644
--- a/tests/cfgs/default/result/ssh.pcap.out
+++ b/tests/cfgs/default/result/ssh.pcap.out
@@ -25,4 +25,4 @@ SSH 295 44977 2
Acceptable 295 44977 2
1 TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][Goodput ratio: 33/67][248.48 sec][Hostname/SNI: SSH-2.0-OpenSSH_5.3][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1846/2934 166223/166224 14794/19692][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/201 970/1346 83/283][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **][Risk Score: 150][Risk Info: Found cipher arcfour128 / Found cipher arcfour128][TCP Fingerprint: 2_64_65535_b6a8548bc8e8/Unknown][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][Server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325][Plen Bins: 2,76,12,2,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0]
- 2 TCP 127.0.0.1:58496 <-> 127.0.0.1:8000 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: RemoteAccess/12][20 pkts/5598 bytes <-> 17 pkts/3833 bytes][Goodput ratio: 76/71][2.18 sec][Hostname/SNI: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 119/162 1760/1760 424/463][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 280/225 1602/1098 437/270][Risk: ** Known Proto on Non Std Port **** SSH Obsolete Ser Vers/Cipher **][Risk Score: 100][Risk Info: Found cipher arcfour128][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][HASSH-C: C11B200866CF918393E62EA25D851D90][Server: SSH-2.0-APACHE-SSHD-2.5.0][HASSH-S: CA6DD86B2D9A44E4A3F1A55C53E6B0FA][Plen Bins: 13,4,42,4,4,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4]
+ 2 TCP 127.0.0.1:58496 <-> 127.0.0.1:8000 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: RemoteAccess/12][20 pkts/5598 bytes <-> 17 pkts/3833 bytes][Goodput ratio: 76/71][2.18 sec][Hostname/SNI: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 119/162 1760/1760 424/463][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 280/225 1602/1098 437/270][Risk: ** Known Proto on Non Std Port **** SSH Obsolete Ser Vers/Cipher **][Risk Score: 100][Risk Info: Expected on port 22 / Found cipher arcfour128][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][HASSH-C: C11B200866CF918393E62EA25D851D90][Server: SSH-2.0-APACHE-SSHD-2.5.0][HASSH-S: CA6DD86B2D9A44E4A3F1A55C53E6B0FA][Plen Bins: 13,4,42,4,4,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4]
diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out
index 652def16d..0176fdc3e 100644
--- a/tests/cfgs/default/result/starcraft_battle.pcap.out
+++ b/tests/cfgs/default/result/starcraft_battle.pcap.out
@@ -90,5 +90,5 @@ Fun 245 52374 7
48 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/11][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
49 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/11][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 60][Risk Info: No client to server traffic / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No client to server traffic / Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: No client to server traffic / Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/steam.pcapng.out b/tests/cfgs/default/result/steam.pcapng.out
index de159f11a..187a1b9a0 100644
--- a/tests/cfgs/default/result/steam.pcapng.out
+++ b/tests/cfgs/default/result/steam.pcapng.out
@@ -35,8 +35,8 @@ JA3 Host Stats:
1 TCP 192.168.88.231:57749 <-> 23.52.29.119:443 [proto: 91.74/TLS.Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][5 pkts/1378 bytes <-> 5 pkts/1865 bytes][Goodput ratio: 75/82][< 1 sec][Hostname/SNI: api.steampowered.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.150 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 18/18 24/39 7/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 276/373 589/1494 253/562][TCP Fingerprint: 2_64_65535_d227986fac6c/Unknown][TLSv1.3][JA3C: 07eb11020e4395f99e5ef70baf9c1d11][JA4: t13d3213h2_85d9c3ed342d_e802cdec6a7f][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (67viP.eampowered.com)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
2 TCP 192.168.88.231:54243 <-> 188.114.98.224:443 [proto: 91.386/TLS.Dota2][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: Game/8][5 pkts/1378 bytes <-> 5 pkts/1167 bytes][Goodput ratio: 75/71][< 1 sec][Hostname/SNI: www.dota2.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13/47 43/68 98/94 32/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 276/233 589/796 253/284][TCP Fingerprint: 2_64_65535_d227986fac6c/Unknown][TLSv1.3][JA3C: 07eb11020e4395f99e5ef70baf9c1d11][JA4: t13d3213ht_85d9c3ed342d_e802cdec6a7f][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.88.231:42070 <-> 95.100.141.15:443 [proto: 91.74/TLS.Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][< 1 sec][Hostname/SNI: store.steampowered.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 24/24 12/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
- 4 TCP 162.254.198.46:27038 <-> 192.168.88.231:50983 [proto: 91.74/TLS.Steam][IP: 74/Steam][Encrypted][Confidence: DPI][FPC: 74/Steam, Confidence: IP address][DPI packets: 4][cat: Game/8][2 pkts/1560 bytes <-> 2 pkts/625 bytes][Goodput ratio: 92/83][< 1 sec][Hostname/SNI: ext3-sto1.steamserver.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: 07eb11020e4395f99e5ef70baf9c1d11][JA4: t13d3213h2_85d9c3ed342d_e802cdec6a7f][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
+ 3 TCP 192.168.88.231:42070 <-> 95.100.141.15:443 [proto: 91.74/TLS.Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][< 1 sec][Hostname/SNI: store.steampowered.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 24/24 12/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
+ 4 TCP 162.254.198.46:27038 <-> 192.168.88.231:50983 [proto: 91.74/TLS.Steam][IP: 74/Steam][Encrypted][Confidence: DPI][FPC: 74/Steam, Confidence: IP address][DPI packets: 4][cat: Game/8][2 pkts/1560 bytes <-> 2 pkts/625 bytes][Goodput ratio: 92/83][< 1 sec][Hostname/SNI: ext3-sto1.steamserver.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TLSv1.3][JA3C: 07eb11020e4395f99e5ef70baf9c1d11][JA4: t13d3213h2_85d9c3ed342d_e802cdec6a7f][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
5 TCP 192.168.88.231:59739 <-> 2.20.254.25:80 [proto: 7.74/HTTP.Steam][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][6 pkts/629 bytes <-> 4 pkts/559 bytes][Goodput ratio: 36/51][< 1 sec][Hostname/SNI: test.steampowered.com][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6002/2 30001/3 12000/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105/140 291/353 83/123][URL: test.steampowered.com/204][StatusCode: 204][Content-Type: text/plain][Server: AkamaiNetStorage][User-Agent: Valve/Steam HTTP Client 1.0][TCP Fingerprint: 2_64_65535_d227986fac6c/Unknown][PLAIN TEXT (GET /204 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.88.231:27036 -> 192.168.88.255:27036 [proto: 74/Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 74/Steam, Confidence: DPI][DPI packets: 1][cat: Game/8][6 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][22.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4403/0 15014/0 5613/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 154/0 226/0 72/0][PLAIN TEXT (localhost)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.88.231:46604 -> 155.133.252.86:27045 [proto: 235/SteamDatagramRelay][IP: 74/Steam][ClearText][Confidence: DPI][FPC: 235/SteamDatagramRelay, Confidence: DPI][DPI packets: 1][cat: Game/8][2 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (sdping)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stomp.pcapng.out b/tests/cfgs/default/result/stomp.pcapng.out
index a7dbb775e..f7bb603fa 100644
--- a/tests/cfgs/default/result/stomp.pcapng.out
+++ b/tests/cfgs/default/result/stomp.pcapng.out
@@ -24,4 +24,4 @@ STOMP 19 1756 1
Acceptable 19 1756 1
- 1 TCP 192.168.88.231:34732 <-> 192.168.88.198:61613 [proto: 390/STOMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RPC/16][10 pkts/863 bytes <-> 9 pkts/893 bytes][Goodput ratio: 23/33][19.02 sec][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2377/1549 9791/7564 3705/2763][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86/99 126/177 25/46][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][PLAIN TEXT (accept)][Plen Bins: 14,42,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.88.231:34732 <-> 192.168.88.198:61613 [proto: 390/STOMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RPC/16][10 pkts/863 bytes <-> 9 pkts/893 bytes][Goodput ratio: 23/33][19.02 sec][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2377/1549 9791/7564 3705/2763][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86/99 126/177 25/46][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][PLAIN TEXT (accept)][Plen Bins: 14,42,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out
index 0cbc0c8c6..49e86d06d 100644
--- a/tests/cfgs/default/result/stun.pcap.out
+++ b/tests/cfgs/default/result/stun.pcap.out
@@ -38,7 +38,7 @@ JA3 Host Stats:
2 192.168.43.169 1
- 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162][Peer IP/Port: 192.168.0.102:44459][Relayed IP/Port: 31.13.86.54:53789][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162][Peer IP/Port: 192.168.0.102:44459][Relayed IP/Port: 31.13.86.54:53789][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 17][cat: VoIP/10][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][Mapped IP/Port: 93.47.225.70:12165][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8][Validity: 2022-03-17 02:11:17 - 2023-03-18 02:11:17][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Network/14][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Mapped IP/Port: [2001:1670:c:eb04:70af:f67f:8e49:f603]:56880][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Network/14][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][Mapped IP/Port: 5.37.217.126:37257][Relayed IP/Port: 66.55.92.16:40576][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_classic.pcap.out b/tests/cfgs/default/result/stun_classic.pcap.out
index eabe2177f..aa0f4b56e 100644
--- a/tests/cfgs/default/result/stun_classic.pcap.out
+++ b/tests/cfgs/default/result/stun_classic.pcap.out
@@ -24,4 +24,4 @@ RTP 22 1624 1
Acceptable 22 1624 1
- 1 UDP 172.16.63.224:55050 <-> 172.16.63.21:13958 [proto: 78.87/STUN.RTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Media/1][9 pkts/662 bytes <-> 13 pkts/962 bytes][Goodput ratio: 43/43][0.23 sec][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 32/17 101/42 32/11][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 74/74 74/74 1/0][Mapped IP/Port: 172.16.63.224:55050][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 4,95,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 172.16.63.224:55050 <-> 172.16.63.21:13958 [proto: 78.87/STUN.RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Media/1][9 pkts/662 bytes <-> 13 pkts/962 bytes][Goodput ratio: 43/43][0.23 sec][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 32/17 101/42 32/11][Pkt Len c2s/s2c min/avg/max/stddev: 70/74 74/74 74/74 1/0][Mapped IP/Port: 172.16.63.224:55050][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 4,95,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out b/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out
index 7419c90f0..9018e109a 100644
--- a/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out
+++ b/tests/cfgs/default/result/stun_dtls_rtp_unidir.pcapng.out
@@ -24,5 +24,5 @@ STUN 43 10358 2
Acceptable 43 10358 2
- 1 UDP 10.1.0.3:5853 -> 10.10.0.1:2808 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Network/14][18 pkts/5384 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][7.17 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 386/0 4001/0 979/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 299/0 750/0 221/0][Mapped IP/Port: 10.10.0.1:26378][Peer IP/Port: 10.0.0.147:60770][Relayed IP/Port: 10.1.0.3:60815][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (Coturn)][Plen Bins: 0,5,5,5,34,22,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 10.10.0.1:65226 -> 10.1.0.3:57730 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Network/14][25 pkts/4974 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][7.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/0 4001/0 904/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 199/0 478/0 92/0][Peer IP/Port: 192.168.2.105:60770][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (username1)][Plen Bins: 0,8,16,16,32,0,4,8,0,12,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 10.1.0.3:5853 -> 10.10.0.1:2808 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Network/14][18 pkts/5384 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][7.17 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 386/0 4001/0 979/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 299/0 750/0 221/0][Mapped IP/Port: 10.10.0.1:26378][Peer IP/Port: 10.0.0.147:60770][Relayed IP/Port: 10.1.0.3:60815][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (Coturn)][Plen Bins: 0,5,5,5,34,22,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 10.10.0.1:65226 -> 10.1.0.3:57730 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: Network/14][25 pkts/4974 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][7.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/0 4001/0 904/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 199/0 478/0 92/0][Peer IP/Port: 192.168.2.105:60770][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (username1)][Plen Bins: 0,8,16,16,32,0,4,8,0,12,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_google_meet.pcapng.out b/tests/cfgs/default/result/stun_google_meet.pcapng.out
index c4d57fc8b..0e40a3ea3 100644
--- a/tests/cfgs/default/result/stun_google_meet.pcapng.out
+++ b/tests/cfgs/default/result/stun_google_meet.pcapng.out
@@ -31,10 +31,10 @@ JA3 Host Stats:
2 192.168.12.156 1
- 1 UDP [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572 <-> [2001:4860:4864:6::81]:19305 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 17][cat: VoIP/10][30 pkts/4693 bytes <-> 118 pkts/36197 bytes][Goodput ratio: 60/80][0.71 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/2 152/74 32/9][Pkt Len c2s/s2c min/avg/max/stddev: 106/99 156/307 608/1265 88/113][Mapped IP/Port: [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31][Validity: 2023-10-11 02:02:47 - 2024-10-11 02:02:47][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (igoKAAiKAiADEA)][Plen Bins: 0,6,16,5,2,0,0,0,68,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572 <-> [2001:4860:4864:6::81]:19305 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 17][cat: VoIP/10][30 pkts/4693 bytes <-> 118 pkts/36197 bytes][Goodput ratio: 60/80][0.71 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/2 152/74 32/9][Pkt Len c2s/s2c min/avg/max/stddev: 106/99 156/307 608/1265 88/113][Mapped IP/Port: [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31][Validity: 2023-10-11 02:02:47 - 2024-10-11 02:02:47][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (igoKAAiKAiADEA)][Plen Bins: 0,6,16,5,2,0,0,0,68,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 17][cat: VoIP/10][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Mapped IP/Port: 93.35.171.209:39032][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61][Validity: 2023-06-19 17:32:20 - 2024-06-19 17:32:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 17][cat: VoIP/10][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][Mapped IP/Port: 93.35.171.209:39032][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39032][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39032][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out b/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out
index 3ab5223b0..28e93a586 100644
--- a/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out
+++ b/tests/cfgs/default/result/stun_msteams_unidir.pcapng.out
@@ -24,4 +24,4 @@ Skype_TeamsCall 12 5944 1
Acceptable 12 5944 1
- 1 UDP 52.115.136.55:3479 -> 10.0.0.1:50006 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][12 pkts/5944 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][4.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 453/0 1210/0 379/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 495/0 1257/0 539/0][Mapped IP/Port: 82.178.63.123:50006][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,16,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 52.115.136.55:3479 -> 10.0.0.1:50006 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][12 pkts/5944 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][4.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 453/0 1210/0 379/0][Pkt Len c2s/s2c min/avg/max/stddev: 81/0 495/0 1257/0 539/0][Mapped IP/Port: 82.178.63.123:50006][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,16,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out
index ec39dbf16..4c3ade23a 100644
--- a/tests/cfgs/default/result/stun_signal.pcapng.out
+++ b/tests/cfgs/default/result/stun_signal.pcapng.out
@@ -27,8 +27,8 @@ SignalVoip 407 43310 21
Acceptable 460 48496 23
- 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Mapped IP/Port: 93.47.225.19:11914][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Mapped IP/Port: 93.47.225.19:11932][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Mapped IP/Port: 93.47.225.19:11914][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Mapped IP/Port: 93.47.225.19:11932][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 ICMP 35.158.183.167:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][30 pkts/2780 bytes <-> 4 pkts/552 bytes][Goodput ratio: 55/69][51.83 sec][bytes ratio: 0.669 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 906/1 7931/1 2120/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 5.051 (Executable?)][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 0,88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.169:43068 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1598 bytes <-> 13 pkts/1638 bytes][Goodput ratio: 66/67][31.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2090/2098 10035/10033 3616/3611][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 123/126 174/190 47/25][Mapped IP/Port: 93.47.225.19:11910][Peer IP/Port: 18.195.131.143:61156][Relayed IP/Port: 35.158.183.167:64458][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (xYXlLJQ)][Plen Bins: 19,15,26,30,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.12.169:47767 <-> 35.158.122.211:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][11 pkts/1338 bytes <-> 11 pkts/1354 bytes][Goodput ratio: 65/66][22.74 sec][Hostname/SNI: signal.org][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2483/2337 10020/10020 3944/4010][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 122/123 158/190 44/25][Mapped IP/Port: 93.47.225.19:11928][Peer IP/Port: 18.195.131.143:54054][Relayed IP/Port: 35.158.122.211:51358][Rsp Origin IP/Port: 35.158.122.211:3478][Other IP/Port: 35.158.122.211:80][PLAIN TEXT (rMfcsrHE)][Plen Bins: 18,18,27,31,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -41,12 +41,12 @@ Acceptable 460 48496 23
12 UDP 192.168.12.169:47204 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/448 bytes <-> 4 pkts/504 bytes][Goodput ratio: 62/67][4.85 sec][Hostname/SNI: signal.org][bytes ratio: -0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 41/42 1612/1612 4721/4721 2198/2199][Pkt Len c2s/s2c min/avg/max/stddev: 62/110 112/126 158/134 46/10][Mapped IP/Port: 93.47.225.19:11889][Relayed IP/Port: 35.158.183.167:54498][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (nYAy610)][Plen Bins: 25,0,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 UDP 192.168.12.169:37970 -> 35.158.122.211:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 984/0 7992/0 2186/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (braaHWB)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 192.168.12.169:47767 -> 35.158.122.211:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 982/0 8022/0 2200/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BtotYst)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 UDP 192.168.12.169:37970 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/250 4201/2720 10126/10103 4828/4263][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11929][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BNEmtWH)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 UDP 192.168.12.169:39950 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.40 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/248 4203/2720 10135/10132 4842/4279][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11911][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (quISgYTP)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 UDP 192.168.12.169:43068 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.38 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/249 4201/2720 10128/10128 4837/4277][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11910][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BnDbEJB)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 UDP 192.168.12.169:47767 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 249/250 4202/2720 10130/10105 4830/4264][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11928][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (lbMRpRo)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 UDP 192.168.12.169:47767 <-> 18.195.131.143:54054 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/390 bytes <-> 3 pkts/350 bytes][Goodput ratio: 68/64][0.18 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/4 48/52 90/101 42/48][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 130/117 146/138 17/15][Mapped IP/Port: 93.47.225.19:11928][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (JUrAzE1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 UDP 192.168.12.169:37970 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/250 4201/2720 10126/10103 4828/4263][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11929][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BNEmtWH)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 UDP 192.168.12.169:39950 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.40 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/248 4203/2720 10135/10132 4842/4279][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11911][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (quISgYTP)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 UDP 192.168.12.169:43068 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.38 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/249 4201/2720 10128/10128 4837/4277][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11910][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BnDbEJB)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 UDP 192.168.12.169:47767 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 249/250 4202/2720 10130/10105 4830/4264][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11928][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (lbMRpRo)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 UDP 192.168.12.169:47767 <-> 18.195.131.143:54054 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/390 bytes <-> 3 pkts/350 bytes][Goodput ratio: 68/64][0.18 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/4 48/52 90/101 42/48][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 130/117 146/138 17/15][Mapped IP/Port: 93.47.225.19:11928][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (JUrAzE1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 UDP 192.168.12.169:39518 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][10 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][3.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 64/0 424/0 1928/0 598/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 UDP 192.168.12.169:47204 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][10 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][3.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 63/0 424/0 1928/0 597/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 UDP 192.168.12.169:39518 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.62 sec][Mapped IP/Port: 93.47.225.19:11888][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 UDP 192.168.12.169:47204 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.63 sec][Mapped IP/Port: 93.47.225.19:11889][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 UDP 192.168.12.169:39518 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.62 sec][Mapped IP/Port: 93.47.225.19:11888][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 UDP 192.168.12.169:47204 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.63 sec][Mapped IP/Port: 93.47.225.19:11889][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/stun_wa_call.pcapng.out b/tests/cfgs/default/result/stun_wa_call.pcapng.out
index 63389cdfb..b264923dd 100644
--- a/tests/cfgs/default/result/stun_wa_call.pcapng.out
+++ b/tests/cfgs/default/result/stun_wa_call.pcapng.out
@@ -29,12 +29,12 @@ Acceptable 591 133689 13
1 UDP 192.168.12.156:46652 <-> 93.57.123.227:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][171 pkts/28371 bytes <-> 206 pkts/29803 bytes][Goodput ratio: 75/71][31.78 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 178/151 2505/2463 255/222][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 166/145 434/446 100/85][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 93.57.123.227:3478][Plen Bins: 14,41,11,8,2,2,3,2,5,4,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:49526 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][48 pkts/12953 bytes <-> 73 pkts/40083 bytes][Goodput ratio: 84/92][14.68 sec][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 191/164 3009/3009 684/623][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 270/549 542/1155 203/421][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.203.62:3478][PLAIN TEXT (dsUmpy)][Plen Bins: 8,18,19,1,0,0,0,0,3,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,2,4,2,1,2,3,4,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.156:46652 <-> 157.240.21.51:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/831 29269/2494 12355/1176][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.21.51:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.12.156:46652 <-> 157.240.195.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 7942/832 29268/2497 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.195.48:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.12.156:46652 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/832 29269/2496 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.203.62:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.12.156:46652 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/833 29269/2497 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.231.62:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.12.156:49526 -> 10.82.40.241:40436 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.68 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 548/0 562/0 602/0 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.156:49526 -> 10.82.40.241:40436 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.68 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 548/0 562/0 602/0 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 192.168.12.156:49526 <-> 157.240.196.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.196.62:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 192.168.12.156:49526 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.231.62:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP 192.168.12.156:49526 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 179.60.192.48:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out
index bf8fa8c92..5657e1c86 100644
--- a/tests/cfgs/default/result/synscan.pcap.out
+++ b/tests/cfgs/default/result/synscan.pcap.out
@@ -98,7 +98,7 @@ Unrated 1848 107192 1844
1 TCP 172.16.0.8:36050 <-> 64.13.134.52:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RemoteAccess/12][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.68 sec][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Network/14][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][0.0.0.0][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 172.16.0.8:36050 <-> 64.13.134.52:25 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Email/3][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 172.16.0.8:36050 <-> 64.13.134.52:25 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Email/3][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 172.16.0.8:36050 -> 64.13.134.52:20 [proto: 175/FTP_DATA][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 172.16.0.8:36050 -> 64.13.134.52:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 172.16.0.8:36050 -> 64.13.134.52:23 [proto: 77/Telnet][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -145,7 +145,7 @@ Unrated 1848 107192 1844
48 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
49 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
50 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 51 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 439/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 51 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 440/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 TCP 172.16.0.8:36050 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
54 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -218,7 +218,7 @@ Unrated 1848 107192 1844
121 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
122 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
123 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 124 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 439/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 124 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 440/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
125 TCP 172.16.0.8:36051 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
126 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
127 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -248,10 +248,10 @@ Unrated 1848 107192 1844
Undetected flows:
- 1 TCP 172.16.0.8:36050 <-> 64.13.134.52:70 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:113 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:31337 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 172.16.0.8:36061 <-> 64.13.134.52:113 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 172.16.0.8:36050 <-> 64.13.134.52:70 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 172.16.0.8:36050 <-> 64.13.134.52:113 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 172.16.0.8:36050 <-> 64.13.134.52:31337 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 172.16.0.8:36061 <-> 64.13.134.52:113 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 172.16.0.8:36050 -> 64.13.134.52:1 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 172.16.0.8:36050 -> 64.13.134.52:3 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 172.16.0.8:36050 -> 64.13.134.52:4 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/syslog.pcap.out b/tests/cfgs/default/result/syslog.pcap.out
index 61915277f..3fc939a77 100644
--- a/tests/cfgs/default/result/syslog.pcap.out
+++ b/tests/cfgs/default/result/syslog.pcap.out
@@ -34,7 +34,7 @@ Unrated 1 78 1
4 UDP 195.120.165.134:514 -> 83.235.169.221:11000 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 17/Syslog, Confidence: DPI][DPI packets: 1][cat: System/18][4 pkts/1954 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][1.03 sec][PLAIN TEXT (1 2022)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 10.94.80.60:39438 -> 10.94.150.22:514 [VLAN: 2005][proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 17/Syslog, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/1316 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][PLAIN TEXT (Mar 9 04)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
6 UDP 192.168.126.102:57166 -> 172.19.177.230:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 17/Syslog, Confidence: DPI][DPI packets: 1][cat: System/18][4 pkts/1157 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][26.59 sec][PLAIN TEXT (syslog@9 s)][Plen Bins: 0,0,0,0,0,0,0,75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 TCP 10.186.117.194:49948 -> 169.46.82.162:52173 [VLAN: 1506][proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: System/18][10 pkts/932 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][196.31 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 520/0 21812/0 184780/0 57626/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 93/0 206/0 38/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (1 2021)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 10.186.117.194:49948 -> 169.46.82.162:52173 [VLAN: 1506][proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: System/18][10 pkts/932 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][196.31 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 520/0 21812/0 184780/0 57626/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 93/0 206/0 38/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 514,601,6514][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (1 2021)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 10.22.179.215:57166 -> 172.26.54.76:514 [proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 17/Syslog, Confidence: DPI][DPI packets: 1][cat: System/18][5 pkts/852 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][35.05 sec][PLAIN TEXT (syslog@9 s)][Plen Bins: 0,0,0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 10.11.105.154:20627 -> 10.6.15.11:514 [VLAN: 408][proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 17/Syslog, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/761 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][PLAIN TEXT (09 time)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 10.94.232.21:57374 -> 10.94.150.21:514 [VLAN: 2005][proto: 17/Syslog][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 17/Syslog, Confidence: DPI][DPI packets: 1][cat: System/18][5 pkts/740 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][PLAIN TEXT (Mar 9 04)][Plen Bins: 0,0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tcp_scan.pcapng.out b/tests/cfgs/default/result/tcp_scan.pcapng.out
index ccb7ffe6e..e0d3000e8 100644
--- a/tests/cfgs/default/result/tcp_scan.pcapng.out
+++ b/tests/cfgs/default/result/tcp_scan.pcapng.out
@@ -33,13 +33,13 @@ Safe 4 272 1
Acceptable 8 528 3
Unrated 6 342 3
- 1 TCP 192.168.1.178:56272 <-> 192.168.1.2:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 192.168.1.178:56273 <-> 192.168.1.2:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.1.178:56274 <-> 192.168.1.2:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][1 pkts/78 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 192.168.1.178:43067 <-> 192.168.1.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: RemoteAccess/12][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Desktop/File Sharing **** TCP Connection Issues **][Risk Score: 60][Risk Info: Connection refused (server) / Found RDP][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.1.178:56272 <-> 192.168.1.2:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.1.178:56273 <-> 192.168.1.2:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][3 pkts/198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.1.178:56274 <-> 192.168.1.2:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][1 pkts/78 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (server) / TCP probing attempt][TCP Fingerprint: 2_255_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 192.168.1.178:43067 <-> 192.168.1.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: RemoteAccess/12][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Desktop/File Sharing **** TCP Connection Issues **** Probing Attempt **][Risk Score: 110][Risk Info: Connection refused (server) / TCP probing attempt / Found RDP][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows:
- 1 TCP 192.168.1.178:57916 <-> 192.168.1.2:3391 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP NULL scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 192.168.1.178:62971 <-> 192.168.1.2:3390 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP FIN scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.1.178:63243 <-> 192.168.1.2:3392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP XMAS scan][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.1.178:57916 <-> 192.168.1.2:3391 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP NULL scan / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.1.178:62971 <-> 192.168.1.2:3390 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP FIN scan / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.1.178:63243 <-> 192.168.1.2:3392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP XMAS scan / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out
index 0373a15ec..4b74a7802 100644
--- a/tests/cfgs/default/result/teams.pcap.out
+++ b/tests/cfgs/default/result/teams.pcap.out
@@ -86,24 +86,24 @@ JA3 Host Stats:
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
- 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
+ 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 125/Skype_Teams, Confidence: DNS][DPI packets: 5][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
- 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
- 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
+ 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
+ 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332][Peer IP/Port: 159.145.24.130:64794][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 UDP 192.168.1.6:50016 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -115,8 +115,8 @@ JA3 Host Stats:
59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.219/DNS.Microsoft365, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.26/DNS.ntop, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out
index ff2d40026..ffeb52489 100644
--- a/tests/cfgs/default/result/teamviewer.pcap.out
+++ b/tests/cfgs/default/result/teamviewer.pcap.out
@@ -26,4 +26,4 @@ TeamViewer 352 172990 2
Acceptable 352 172990 2
1 TCP 10.0.2.15:35732 <-> 162.250.2.170:5938 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RemoteAccess/12][129 pkts/67997 bytes <-> 160 pkts/73349 bytes][Goodput ratio: 89/88][399.56 sec][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3451/2522 50678/50677 9036/8571][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 527/458 1514/1514 537/563][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (XDsiBZ)][Plen Bins: 9,4,0,2,0,2,8,0,2,0,0,1,0,1,2,0,0,2,2,0,0,0,2,1,0,0,1,0,0,0,0,0,0,23,1,0,0,2,1,1,1,1,0,0,1,23,0,0]
- 2 UDP 10.0.2.15:34417 <-> 93.47.224.241:36037 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RemoteAccess/12][1 pkts/138 bytes <-> 62 pkts/31506 bytes][Goodput ratio: 69/92][1.32 sec][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/23 0/442 0/75][Pkt Len c2s/s2c min/avg/max/stddev: 138/58 138/508 138/1066 0/452][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found TeamViewer][PLAIN TEXT (93.47.224.241)][Plen Bins: 11,17,14,3,3,1,3,1,0,0,0,1,0,0,3,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 10.0.2.15:34417 <-> 93.47.224.241:36037 [proto: 148/TeamViewer][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RemoteAccess/12][1 pkts/138 bytes <-> 62 pkts/31506 bytes][Goodput ratio: 69/92][1.32 sec][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/23 0/442 0/75][Pkt Len c2s/s2c min/avg/max/stddev: 138/58 138/508 138/1066 0/452][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found TeamViewer / Expected on port 5938][PLAIN TEXT (93.47.224.241)][Plen Bins: 11,17,14,3,3,1,3,1,0,0,0,1,0,0,3,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/telegram_videocall.pcapng.out b/tests/cfgs/default/result/telegram_videocall.pcapng.out
index c52b60984..6fab19821 100644
--- a/tests/cfgs/default/result/telegram_videocall.pcapng.out
+++ b/tests/cfgs/default/result/telegram_videocall.pcapng.out
@@ -41,27 +41,27 @@ Acceptable 883 382822 33
1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.257 (Encrypted Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (MMHu@J)][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.638 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (elySaT)][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Mapped IP/Port: 93.47.225.70:11624][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Mapped IP/Port: 93.47.225.70:11624][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.12.169:40832 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][18 pkts/2256 bytes <-> 15 pkts/13705 bytes][Goodput ratio: 47/93][28.20 sec][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/280 2909/2997 746/859][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 125/914 644/1294 150/495][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.526 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (lmd/HB)][Plen Bins: 0,0,0,0,6,6,6,0,0,0,6,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.12.169:46862 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][11 pkts/1963 bytes <-> 8 pkts/2558 bytes][Goodput ratio: 63/79][10.13 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1124/32 9909/87 3106/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/320 452/670 155/261][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.322 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,11,0,22,0,0,0,0,22,0,11,0,0,0,11,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.12.169:46866 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][9 pkts/1879 bytes <-> 6 pkts/1822 bytes][Goodput ratio: 68/78][10.11 sec][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/30 1440/34 9925/41 3464/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 209/304 436/839 161/306][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.504 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,14,0,0,0,14,0,14,0,28,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Mapped IP/Port: 93.47.225.70:11618][Peer IP/Port: 10.46.103.200:42554][Relayed IP/Port: 91.108.9.35:56058][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Mapped IP/Port: 93.47.225.70:11618][Peer IP/Port: 10.46.103.200:42554][Relayed IP/Port: 91.108.9.35:56058][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 192.168.12.169:40834 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][5 pkts/788 bytes <-> 3 pkts/890 bytes][Goodput ratio: 57/77][0.17 sec][bytes ratio: -0.061 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/47 24/68 42/90 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/297 315/750 110/321][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.107 (Compressed Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11619][Peer IP/Port: 10.46.103.200:42554][Relayed IP/Port: 91.108.13.23:62318][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11620][Peer IP/Port: 10.46.103.200:42554][Relayed IP/Port: 91.108.17.2:45408][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11619][Peer IP/Port: 10.46.103.200:42554][Relayed IP/Port: 91.108.13.23:62318][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11620][Peer IP/Port: 10.46.103.200:42554][Relayed IP/Port: 91.108.17.2:45408][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 192.168.12.169:37966 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][5 pkts/1117 bytes <-> 3 pkts/464 bytes][Goodput ratio: 70/55][0.15 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 20/62 33/91 13/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 223/155 532/324 196/120][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.574 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,33,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11623][Relayed IP/Port: 91.108.17.2:35898][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11622][Relayed IP/Port: 91.108.13.23:34290][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11621][Relayed IP/Port: 91.108.9.35:63273][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 UDP 192.168.12.169:40906 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/248 bytes <-> 2 pkts/244 bytes][Goodput ratio: 66/65][0.13 sec][Mapped IP/Port: 93.47.225.70:11616][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 UDP 192.168.12.169:40906 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 UDP 192.168.12.169:40906 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.28 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (RBkPSgr)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 20 UDP 192.168.12.169:40906 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 21 UDP 192.168.12.169:42197 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BZOyNeHQUCZIf)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11623][Relayed IP/Port: 91.108.17.2:35898][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11622][Relayed IP/Port: 91.108.13.23:34290][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11621][Relayed IP/Port: 91.108.9.35:63273][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 UDP 192.168.12.169:40906 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/248 bytes <-> 2 pkts/244 bytes][Goodput ratio: 66/65][0.13 sec][Mapped IP/Port: 93.47.225.70:11616][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 UDP 192.168.12.169:40906 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 UDP 192.168.12.169:40906 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.28 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (RBkPSgr)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 20 UDP 192.168.12.169:40906 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 21 UDP 192.168.12.169:42197 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BZOyNeHQUCZIf)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 UDP 192.168.12.1:17500 -> 192.168.12.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][30.01 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 TCP 18.195.162.93:443 <-> 192.168.12.169:38956 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/163 bytes <-> 2 pkts/132 bytes][Goodput ratio: 19/0][5.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 TCP 192.168.12.169:40710 <-> 52.58.18.25:5222 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/144 bytes <-> 2 pkts/144 bytes][Goodput ratio: 8/8][0.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -69,7 +69,7 @@ Acceptable 883 382822 33
28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.590 (Executable?)][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.612 (Executable?)][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 ICMP 192.168.12.169:0 -> 91.108.17.2:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.01 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.737 (Executable?)][PLAIN TEXT (KHOirrFTCqEz)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 UDP [fe80::abe:acff:fe0b:176e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 ICMPV6 [fe80::abe:acff:fe0b:176e]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/telegram_videocall_2.pcapng.out b/tests/cfgs/default/result/telegram_videocall_2.pcapng.out
new file mode 100644
index 000000000..bfc843a91
--- /dev/null
+++ b/tests/cfgs/default/result/telegram_videocall_2.pcapng.out
@@ -0,0 +1,37 @@
+DPI Packets (UDP): 20 (2.50 pkts/flow)
+Confidence DPI : 8 (flows)
+Num dissector calls: 204 (25.50 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 4/18/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 2/0 (search/found)
+Automa domain: 2/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 1/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 12/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 1/0 (search/found)
+Patricia protocols: 8/6 (search/found)
+Patricia protocols IPv6: 2/0 (search/found)
+
+MDNS 2 194 2
+STUN 8 560 2
+Telegram 61 9370 3
+TelegramVoip 244 121141 1
+
+Acceptable 315 131265 8
+
+ 1 UDP 192.168.12.67:39968 <-> 91.108.9.106:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][124 pkts/50596 bytes <-> 120 pkts/70545 bytes][Goodput ratio: 90/93][2.48 sec][Hostname/SNI: telegram.org][bytes ratio: -0.165 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/20 633/629 67/66][Pkt Len c2s/s2c min/avg/max/stddev: 70/84 408/588 1253/1235 406/467][Mapped IP/Port: 93.35.170.144:39295][Peer IP/Port: 91.108.9.106:52874][Relayed IP/Port: 91.108.9.106:37674][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (1/talggGwr)][Plen Bins: 0,22,11,4,10,2,6,1,7,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,3,6,4,2,0,0,1,4,6,3,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:44275 <-> 91.108.9.10:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][17 pkts/2958 bytes <-> 16 pkts/2740 bytes][Goodput ratio: 76/75][2.07 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 85/139 514/688 135/213][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 174/171 638/614 119/118][PLAIN TEXT (OUePGE4)][Plen Bins: 0,6,42,39,3,3,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:42417 <-> 91.108.13.26:598 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][9 pkts/1266 bytes <-> 9 pkts/1154 bytes][Goodput ratio: 70/67][1.72 sec][bytes ratio: 0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 51/42 198/214 514/512 144/169][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 141/128 162/162 33/15][PLAIN TEXT (03U/SsH)][Plen Bins: 0,11,50,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.12.67:46675 <-> 91.108.17.8:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][5 pkts/650 bytes <-> 5 pkts/602 bytes][Goodput ratio: 68/65][1.68 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 191/190 333/382 514/569 125/162][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 130/120 162/130 39/12][Plen Bins: 0,20,50,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 192.168.12.67:39329 -> 91.108.13.3:1400 [proto: 78/STUN][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][1.75 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 UDP 192.168.12.67:44679 -> 91.108.17.49:1400 [proto: 78/STUN][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][1.75 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (sENzap5)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP [fe80::76da:38ff:feed:5332]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/telegram_voice.pcapng.out b/tests/cfgs/default/result/telegram_voice.pcapng.out
new file mode 100644
index 000000000..f826d0e45
--- /dev/null
+++ b/tests/cfgs/default/result/telegram_voice.pcapng.out
@@ -0,0 +1,41 @@
+DPI Packets (UDP): 28 (3.11 pkts/flow)
+DPI Packets (other): 1 (1.00 pkts/flow)
+Confidence DPI : 10 (flows)
+Num dissector calls: 206 (20.60 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 8/24/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 1/0/0 (insert/search/found)
+Automa host: 4/2 (search/found)
+Automa domain: 4/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 4/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 16/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 1/0 (search/found)
+Patricia protocols: 11/7 (search/found)
+Patricia protocols IPv6: 2/0 (search/found)
+
+MDNS 2 194 2
+ICMP 5 812 1
+Telegram 86 17936 3
+GoogleServices 2 208 1
+TelegramVoip 773 144403 3
+
+Acceptable 868 163553 10
+
+ 1 UDP 192.168.12.67:42567 <-> 91.108.9.34:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][401 pkts/72973 bytes <-> 341 pkts/67660 bytes][Goodput ratio: 77/79][14.03 sec][Hostname/SNI: telegram.org][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/37 364/362 30/30][Pkt Len c2s/s2c min/avg/max/stddev: 70/84 182/198 329/330 82/86][Mapped IP/Port: 93.35.170.144:39263][Peer IP/Port: 91.108.9.34:47026][Relayed IP/Port: 91.108.9.34:51052][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 0,28,6,5,5,1,6,21,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:41011 <-> 91.108.9.68:596 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][12 pkts/2100 bytes <-> 60 pkts/14416 bytes][Goodput ratio: 76/83][10.53 sec][bytes ratio: -0.746 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 55/27 245/216 71/45][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 175/240 614/682 138/121][PLAIN TEXT (kWpcVUz)][Plen Bins: 0,4,28,20,2,1,1,2,35,2,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:46013 <-> 91.108.13.52:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][10 pkts/1084 bytes <-> 6 pkts/804 bytes][Goodput ratio: 61/69][12.44 sec][Hostname/SNI: telegram.org][bytes ratio: 0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/0 1188/0 4001/0 1191/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 108/134 166/134 47/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (v/cApISKdp)][Plen Bins: 37,0,37,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.12.67:44405 <-> 91.108.17.41:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][11 pkts/1346 bytes <-> 4 pkts/536 bytes][Goodput ratio: 66/69][12.70 sec][Hostname/SNI: telegram.org][bytes ratio: 0.430 (Upload)][IAT c2s/s2c min/avg/max/stddev: 251/0 1355/0 4002/0 1120/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 122/134 166/134 48/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BIWk/i)][Plen Bins: 33,0,26,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 192.168.12.67:39027 <-> 91.108.13.51:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][4 pkts/376 bytes <-> 4 pkts/480 bytes][Goodput ratio: 55/65][10.63 sec][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 36/88 3502/3502 9969/10006 4577/4601][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 94/120 130/162 21/24][PLAIN TEXT (BDlMWdxrdJP)][Plen Bins: 0,37,50,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 ICMP 192.168.12.67:0 -> 91.108.9.34:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/812 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.07 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 6.979 (Compressed Executable?)][PLAIN TEXT (XYRpDQCom)][Plen Bins: 0,0,20,60,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.12.67:46868 <-> 91.108.17.7:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][3 pkts/246 bytes <-> 3 pkts/318 bytes][Goodput ratio: 49/60][10.65 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 500/500 5253/5253 10006/10006 4753/4753][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.67:44574 <-> 192.168.12.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.239/DNS.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/112 bytes][Goodput ratio: 56/62][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][0.0.0.0][PLAIN TEXT (crashlyticsreports)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP [fe80::76da:38ff:feed:5332]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/teso.pcapng.out b/tests/cfgs/default/result/teso.pcapng.out
index c8dc20848..97a773ea8 100644
--- a/tests/cfgs/default/result/teso.pcapng.out
+++ b/tests/cfgs/default/result/teso.pcapng.out
@@ -24,5 +24,5 @@ TES_Online 8 2253 2
Fun 8 2253 2
- 1 TCP 192.168.88.231:56158 <-> 159.100.232.124:24120 [proto: 408/TES_Online][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][3 pkts/1064 bytes <-> 1 pkts/74 bytes][Goodput ratio: 81/0][0.05 sec][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][PLAIN TEXT (gachimuchileatherman)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 192.168.88.231:47860 <-> 159.100.232.114:24504 [proto: 408/TES_Online][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][3 pkts/1041 bytes <-> 1 pkts/74 bytes][Goodput ratio: 80/0][0.04 sec][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Unknown][PLAIN TEXT (eso.live.9.3.6.2849903)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.88.231:56158 <-> 159.100.232.124:24120 [proto: 408/TES_Online][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][3 pkts/1064 bytes <-> 1 pkts/74 bytes][Goodput ratio: 81/0][0.05 sec][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][PLAIN TEXT (gachimuchileatherman)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.88.231:47860 <-> 159.100.232.114:24504 [proto: 408/TES_Online][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][3 pkts/1041 bytes <-> 1 pkts/74 bytes][Goodput ratio: 80/0][0.04 sec][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][PLAIN TEXT (eso.live.9.3.6.2849903)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out
index a5c2e284d..f8730efc6 100644
--- a/tests/cfgs/default/result/tftp.pcap.out
+++ b/tests/cfgs/default/result/tftp.pcap.out
@@ -27,10 +27,10 @@ TFTP 109 31453 9
Acceptable 109 31453 9
- 1 UDP 192.168.0.10:3445 <-> 192.168.0.253:50618 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: DataTransfer/4][49 pkts/26853 bytes <-> 49 pkts/2940 bytes][Goodput ratio: 92/7][< 1 sec][bytes ratio: 0.803 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2 3/3 9/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 69/60 548/60 558/60 69/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Network Working Group )][Plen Bins: 51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 172.28.5.170:62058 <-> 172.28.5.91:44618 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: DataTransfer/4][2 pkts/92 bytes <-> 2 pkts/1116 bytes][Goodput ratio: 9/92][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BCCCCCC)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.0.10:3445 <-> 192.168.0.253:50618 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: DataTransfer/4][49 pkts/26853 bytes <-> 49 pkts/2940 bytes][Goodput ratio: 92/7][< 1 sec][bytes ratio: 0.803 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2 3/3 9/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 69/60 548/60 558/60 69/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 69][PLAIN TEXT (Network Working Group )][Plen Bins: 51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 172.28.5.170:62058 <-> 172.28.5.91:44618 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: DataTransfer/4][2 pkts/92 bytes <-> 2 pkts/1116 bytes][Goodput ratio: 9/92][0.00 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 69][PLAIN TEXT (BCCCCCC)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.2.45:35840 -> 192.168.2.200:69 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 96/TFTP, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Filename: empty100KB][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (blksize)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 192.168.2.200:47649 -> 192.168.2.45:35840 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 96/TFTP, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (blksize)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.2.200:47649 -> 192.168.2.45:35840 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 96/TFTP, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 69][PLAIN TEXT (blksize)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.0.253:50618 -> 192.168.0.10:69 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 96/TFTP, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/62 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Filename: rfc1350.txt][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (1350.txt)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 172.28.4.53:54626 -> 172.16.5.170:69 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][1 pkts/61 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 172.28.4.53:54627 -> 172.16.5.170:69 [proto: 96/TFTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 96/TFTP, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][1 pkts/61 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][< 1 sec][Filename: sysman.lis][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (sysman.lis)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tinc.pcap.out b/tests/cfgs/default/result/tinc.pcap.out
index 0ee3b26c4..8a68a871a 100644
--- a/tests/cfgs/default/result/tinc.pcap.out
+++ b/tests/cfgs/default/result/tinc.pcap.out
@@ -26,7 +26,7 @@ TINC 317 352291 4
Acceptable 317 352291 4
- 1 UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 209/TINC, Confidence: DPI][DPI packets: 1][cat: VPN/2][29 pkts/30038 bytes <-> 105 pkts/139726 bytes][Goodput ratio: 96/97][35.82 sec][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244/335 1049/2670 434/517][Pkt Len c2s/s2c min/avg/max/stddev: 158/118 1036/1331 1502/1510 544/412][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (E@zUIs1)][Plen Bins: 0,0,2,7,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,2,3,1,0,2,73,0,0]
- 2 UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 209/TINC, Confidence: DPI][DPI packets: 1][cat: VPN/2][101 pkts/136966 bytes <-> 29 pkts/32550 bytes][Goodput ratio: 97/96][42.97 sec][bytes ratio: 0.616 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 442/280 10377/1045 1172/448][Pkt Len c2s/s2c min/avg/max/stddev: 118/158 1356/1122 1510/1502 400/534][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (Cr64lS)][Plen Bins: 0,0,2,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,3,0,0,1,81,0,0]
- 3 TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: VPN/2][14 pkts/3812 bytes <-> 13 pkts/3098 bytes][Goodput ratio: 80/76][47.37 sec][bytes ratio: 0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4297/19 46927/55 13481/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/238 1093/1091 380/363][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (1 94 64 0 0 5861ABF)][Plen Bins: 21,7,28,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 TCP 131.114.168.27:59244 <-> 185.83.218.112:55655 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: VPN/2][15 pkts/3169 bytes <-> 11 pkts/2932 bytes][Goodput ratio: 74/79][47.36 sec][bytes ratio: 0.039 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3939/31 46978/85 12977/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 211/267 1093/1091 345/387][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (1 429 672 0 0 2)][Plen Bins: 28,7,28,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 209/TINC, Confidence: DPI][DPI packets: 1][cat: VPN/2][29 pkts/30038 bytes <-> 105 pkts/139726 bytes][Goodput ratio: 96/97][35.82 sec][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244/335 1049/2670 434/517][Pkt Len c2s/s2c min/avg/max/stddev: 158/118 1036/1331 1502/1510 544/412][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 655][PLAIN TEXT (E@zUIs1)][Plen Bins: 0,0,2,7,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,2,3,1,0,2,73,0,0]
+ 2 UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 209/TINC, Confidence: DPI][DPI packets: 1][cat: VPN/2][101 pkts/136966 bytes <-> 29 pkts/32550 bytes][Goodput ratio: 97/96][42.97 sec][bytes ratio: 0.616 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 442/280 10377/1045 1172/448][Pkt Len c2s/s2c min/avg/max/stddev: 118/158 1356/1122 1510/1502 400/534][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 655][PLAIN TEXT (Cr64lS)][Plen Bins: 0,0,2,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,3,0,0,1,81,0,0]
+ 3 TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: VPN/2][14 pkts/3812 bytes <-> 13 pkts/3098 bytes][Goodput ratio: 80/76][47.37 sec][bytes ratio: 0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4297/19 46927/55 13481/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/238 1093/1091 380/363][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 655][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (1 94 64 0 0 5861ABF)][Plen Bins: 21,7,28,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 131.114.168.27:59244 <-> 185.83.218.112:55655 [proto: 209/TINC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: VPN/2][15 pkts/3169 bytes <-> 11 pkts/2932 bytes][Goodput ratio: 74/79][47.36 sec][bytes ratio: 0.039 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3939/31 46978/85 12977/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 211/267 1093/1091 345/387][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 655][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (1 429 672 0 0 2)][Plen Bins: 28,7,28,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out
index cdba5f869..f7eb814a6 100644
--- a/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out
+++ b/tests/cfgs/default/result/tls_client_certificate_with_missing_server_one.pcapng.out
@@ -33,4 +33,4 @@ JA3 Host Stats:
1 TCP 195.181.174.176:443 <-> 192.168.1.128:48260 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: RemoteAccess/12][3 pkts/1654 bytes <-> 6 pkts/1779 bytes][Goodput ratio: 87/78][0.04 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: -0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 10/8 17/20 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 551/296 1514/1160 681/400][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **][Risk Score: 110][Risk Info: anydesk/6.2.0/linu / Found AnyDesk / SNI should always be present][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0]
- 2 TCP 192.168.1.128:59754 <-> 192.168.1.181:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][6 pkts/1953 bytes <-> 2 pkts/140 bytes][Goodput ratio: 79/0][0.08 sec][bytes ratio: 0.866 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 15/6 54/6 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/70 1352/74 469/4][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / SNI should always be present][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0]
+ 2 TCP 192.168.1.128:59754 <-> 192.168.1.181:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][6 pkts/1953 bytes <-> 2 pkts/140 bytes][Goodput ratio: 79/0][0.08 sec][bytes ratio: 0.866 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 15/6 54/6 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/70 1352/74 469/4][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / SNI should always be present / Expected on port 443][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out b/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out
index d289e52cb..ef62fc325 100644
--- a/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out
+++ b/tests/cfgs/default/result/tls_heur__trojan-tcp-tls.pcapng.out
@@ -37,7 +37,7 @@ JA3 Host Stats:
1 TCP 192.168.1.183:58730 <-> 142.250.180.142:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 124/YouTube, Confidence: DNS][DPI packets: 6][cat: Media/1][17 pkts/1985 bytes <-> 15 pkts/13936 bytes][Goodput ratio: 41/93][0.11 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.751 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/9 31/70 9/20][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 117/929 585/1468 126/632][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0]
- 2 TCP 127.0.0.1:41796 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/2233 bytes <-> 12 pkts/9384 bytes][Goodput ratio: 60/91][0.14 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 46/30 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 172/782 675/2138 165/744][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,13,13,6,6,0,0,0,6,0,0,0,0,0,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,13]
+ 2 TCP 127.0.0.1:41796 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][13 pkts/2233 bytes <-> 12 pkts/9384 bytes][Goodput ratio: 60/91][0.14 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 46/30 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 172/782 675/2138 165/744][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,13,13,6,6,0,0,0,6,0,0,0,0,0,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,13]
3 TCP 127.0.0.1:60654 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][17 pkts/1999 bytes <-> 10 pkts/7980 bytes][Goodput ratio: 42/91][0.19 sec][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 46/43 16/15][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 118/798 585/4164 119/1276][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (www.youtube.com)][Plen Bins: 37,25,6,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
4 UDP 127.0.0.1:52786 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/468 bytes][Goodput ratio: 50/81][0.03 sec][Hostname/SNI: www.youtube.com][142.250.180.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.1.183:46451 <-> 192.168.1.253:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/88 bytes <-> 1 pkts/413 bytes][Goodput ratio: 49/89][0.03 sec][Hostname/SNI: www.youtube.com][142.250.180.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out b/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out
index 1376800db..16e2eff20 100644
--- a/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out
+++ b/tests/cfgs/default/result/tls_heur__vmess-tcp-tls.pcapng.out
@@ -37,7 +37,7 @@ JA3 Host Stats:
1 TCP 192.168.1.183:58612 <-> 216.58.204.142:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 124/YouTube, Confidence: DNS][DPI packets: 6][cat: Media/1][11 pkts/1577 bytes <-> 15 pkts/19414 bytes][Goodput ratio: 52/95][0.10 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/8 74/66 24/18][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 143/1294 585/6668 151/1565][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 12,6,6,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,44,0,0,0,6]
- 2 TCP 127.0.0.1:57874 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/2501 bytes <-> 14 pkts/11651 bytes][Goodput ratio: 56/92][0.16 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/12 40/74 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 156/832 731/2138 166/797][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,12,12,5,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,19]
+ 2 TCP 127.0.0.1:57874 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][16 pkts/2501 bytes <-> 14 pkts/11651 bytes][Goodput ratio: 56/92][0.16 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/12 40/74 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 156/832 731/2138 166/797][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,12,12,5,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,19]
3 TCP 127.0.0.1:40136 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][17 pkts/1999 bytes <-> 11 pkts/8047 bytes][Goodput ratio: 42/91][0.14 sec][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/1 40/4 14/2][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 118/732 585/2612 119/967][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (www.youtube.com)][Plen Bins: 37,25,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18]
4 UDP 127.0.0.1:46548 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/484 bytes][Goodput ratio: 50/82][0.00 sec][Hostname/SNI: www.youtube.com][216.58.204.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.1.183:49817 <-> 192.168.1.253:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/88 bytes <-> 1 pkts/253 bytes][Goodput ratio: 49/82][0.00 sec][Hostname/SNI: www.youtube.com][216.58.204.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/tls_heur__vmess-websocket.pcapng.out b/tests/cfgs/default/result/tls_heur__vmess-websocket.pcapng.out
index 426de03e5..5d7be3846 100644
--- a/tests/cfgs/default/result/tls_heur__vmess-websocket.pcapng.out
+++ b/tests/cfgs/default/result/tls_heur__vmess-websocket.pcapng.out
@@ -34,6 +34,6 @@ JA3 Host Stats:
1 TCP 192.168.1.183:51390 <-> 142.250.180.142:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 124/YouTube, Confidence: DNS][DPI packets: 6][cat: Media/1][11 pkts/1577 bytes <-> 17 pkts/22332 bytes][Goodput ratio: 52/95][0.14 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.868 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/9 81/74 26/19][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 143/1314 585/6668 160/1472][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,55,0,0,0,5]
- 2 TCP 127.0.0.1:33702 <-> 127.0.0.1:1234 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][19 pkts/2630 bytes <-> 16 pkts/20282 bytes][Goodput ratio: 51/95][0.17 sec][Hostname/SNI: 127.0.0.1][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 52/76 16/21][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 138/1268 767/2120 172/862][URL: 127.0.0.1:1234/][StatusCode: 101][User-Agent: Go-http-client/1.1][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 127.0.0.1][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,11,0,5,5,0,0,0,0,0,5,0,0,5,0,0,0,0,0,5,11,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
+ 2 TCP 127.0.0.1:33702 <-> 127.0.0.1:1234 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][19 pkts/2630 bytes <-> 16 pkts/20282 bytes][Goodput ratio: 51/95][0.17 sec][Hostname/SNI: 127.0.0.1][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 52/76 16/21][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 138/1268 767/2120 172/862][URL: 127.0.0.1:1234/][StatusCode: 101][User-Agent: Go-http-client/1.1][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 127.0.0.1 / Expected on port 80][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,11,0,5,5,0,0,0,0,0,5,0,0,5,0,0,0,0,0,5,11,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
3 TCP 127.0.0.1:44532 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][20 pkts/2203 bytes <-> 13 pkts/19272 bytes][Goodput ratio: 38/95][0.17 sec][bytes ratio: -0.795 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 44/82 16/26][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 110/1482 585/4000 112/1624][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (www.youtube.com)][Plen Bins: 31,21,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26]
4 UDP 127.0.0.1:39646 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/596 bytes][Goodput ratio: 50/85][0.00 sec][Hostname/SNI: www.youtube.com][142.250.180.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/trickbot.pcap.out b/tests/cfgs/default/result/trickbot.pcap.out
index b964107c0..97dda2e6b 100644
--- a/tests/cfgs/default/result/trickbot.pcap.out
+++ b/tests/cfgs/default/result/trickbot.pcap.out
@@ -24,4 +24,4 @@ HTTP 74 62002 1
Acceptable 74 62002 1
- 1 TCP 10.12.29.101:61318 <-> 82.118.225.196:7080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][28 pkts/2801 bytes <-> 46 pkts/59201 bytes][Goodput ratio: 46/96][8.40 sec][Hostname/SNI: 82.118.225.196][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 327/167 1000/1000 339/292][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/1287 982/1514 182/426][URL: 82.118.225.196:7080/OK21pqJAtyyGBEo00sk][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][Server: nginx][User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Content **][Risk Score: 160][Risk Info: Found host 82.118.225.196 / Susp content DF6A56F8][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Unknown][PLAIN TEXT (POST /OK21p)][Plen Bins: 0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,4,0,0,6,2,0,35,0,0,44,0,0]
+ 1 TCP 10.12.29.101:61318 <-> 82.118.225.196:7080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][28 pkts/2801 bytes <-> 46 pkts/59201 bytes][Goodput ratio: 46/96][8.40 sec][Hostname/SNI: 82.118.225.196][bytes ratio: -0.910 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 327/167 1000/1000 339/292][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/1287 982/1514 182/426][URL: 82.118.225.196:7080/OK21pqJAtyyGBEo00sk][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][Server: nginx][User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Content **][Risk Score: 160][Risk Info: Found host 82.118.225.196 / Expected on port 80 / Susp content DF6A56F8][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Unknown][PLAIN TEXT (POST /OK21p)][Plen Bins: 0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,4,0,0,6,2,0,35,0,0,44,0,0]
diff --git a/tests/cfgs/default/result/tunnelbear.pcap.out b/tests/cfgs/default/result/tunnelbear.pcap.out
index 7e57779f2..eca911ce9 100644
--- a/tests/cfgs/default/result/tunnelbear.pcap.out
+++ b/tests/cfgs/default/result/tunnelbear.pcap.out
@@ -53,7 +53,7 @@ JA3 Host Stats:
10 TCP 10.8.0.1:45106 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4308 bytes][Goodput ratio: 65/92][0.26 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.579 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 40/62 133/131 52/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3711 174/1344][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]
11 TCP 10.8.0.1:60224 <-> 157.240.7.32:443 [proto: 91.157/TLS.FacebookMessenger][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 6][cat: Chat/9][9 pkts/1320 bytes <-> 9 pkts/3943 bytes][Goodput ratio: 62/88][0.75 sec][Hostname/SNI: mqtt-mini.facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.498 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 107/92 386/335 131/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/438 575/2814 167/854][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA3C: 82932b3c6398511df186dfc9416db2d4][JA4: t00d010700_0f2cb44170f4_8e1d4e45f8f1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,12,0,0,0,12,0,12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
12 TCP 10.8.0.1:45126 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][16 pkts/3179 bytes <-> 16 pkts/2058 bytes][Goodput ratio: 72/58][0.56 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/29 107/57 34/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 199/129 590/803 207/183][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,7,0,7,7,0,0,7,0,7,0,0,0,0,0,24,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 13 TCP 10.8.0.1:47046 <-> 74.125.200.188:5228 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][8 pkts/1433 bytes <-> 7 pkts/1228 bytes][Goodput ratio: 68/69][0.45 sec][Hostname/SNI: mtalk.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 50/79 243/193 88/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/175 587/583 197/182][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA3C: 58e34c2965c9f3fa4919d58deef1f49e][JA4: t13d171200_5b57614c22b0_352634941f3a][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,16,0,0,0,0,0,16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 13 TCP 10.8.0.1:47046 <-> 74.125.200.188:5228 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][8 pkts/1433 bytes <-> 7 pkts/1228 bytes][Goodput ratio: 68/69][0.45 sec][Hostname/SNI: mtalk.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 50/79 243/193 88/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/175 587/583 197/182][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA3C: 58e34c2965c9f3fa4919d58deef1f49e][JA4: t13d171200_5b57614c22b0_352634941f3a][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,16,0,0,0,0,0,16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 10.0.2.15:57636 <-> 142.93.78.79:51820 [proto: 206.299/WireGuard.TunnelBear][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][11 pkts/2474 bytes <-> 1 pkts/142 bytes][Goodput ratio: 81/70][0.38 sec][bytes ratio: 0.891 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/0 88/0 27/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/142 225/142 602/142 183/0][Plen Bins: 0,8,42,8,16,0,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 TCP 10.8.0.1:33846 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][10 pkts/1298 bytes <-> 9 pkts/642 bytes][Goodput ratio: 57/24][0.37 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.338 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/58 339/331 111/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 130/71 571/210 150/49][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,34,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 TCP 10.8.0.1:45124 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][9 pkts/1244 bytes <-> 8 pkts/588 bytes][Goodput ratio: 59/26][0.42 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.358 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 53/90 192/193 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138/74 571/210 162/52][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/ultrasurf.pcap.out b/tests/cfgs/default/result/ultrasurf.pcap.out
index 55addecfa..fd9d4f4b5 100644
--- a/tests/cfgs/default/result/ultrasurf.pcap.out
+++ b/tests/cfgs/default/result/ultrasurf.pcap.out
@@ -32,5 +32,5 @@ JA3 Host Stats:
1 TCP 65.49.68.25:50053 <-> 10.132.0.23:37898 [VLAN: 200][proto: 304/UltraSurf][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 304/UltraSurf, Confidence: DPI][DPI packets: 1][cat: VPN/2][60 pkts/116248 bytes <-> 40 pkts/4295 bytes][Goodput ratio: 96/11][2.50 sec][bytes ratio: 0.929 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 39/18 438/250 82/50][Pkt Len c2s/s2c min/avg/max/stddev: 1350/90 1937/107 2646/160 641/19][PLAIN TEXT (OFdfbY)][Plen Bins: 0,10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0,0,0,38]
- 2 TCP 10.132.0.23:38120 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][53 pkts/17749 bytes <-> 76 pkts/35849 bytes][Goodput ratio: 79/85][1.90 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/18 260/269 67/46][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 335/472 1494/2646 417/739][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h2][TCP Fingerprint: 2_64_65535_e863472131c1/Unknown][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA4: t13d1514h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,32,9,5,7,6,3,1,2,0,1,0,0,0,0,0,1,1,4,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,2,0,0,5,0,3,0,1,0,0,7]
- 3 TCP 10.132.0.23:38152 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][51 pkts/17295 bytes <-> 53 pkts/35335 bytes][Goodput ratio: 79/89][1.44 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/11 260/251 65/38][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 339/667 1418/2646 438/736][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h2][TCP Fingerprint: 2_64_65535_e863472131c1/Unknown][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA4: t13d1514h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,27,4,2,5,4,4,1,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,23,0,8,0,0,0,0,4]
+ 2 TCP 10.132.0.23:38120 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][53 pkts/17749 bytes <-> 76 pkts/35849 bytes][Goodput ratio: 79/85][1.90 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/18 260/269 67/46][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 335/472 1494/2646 417/739][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h2 / Expected on port 443][TCP Fingerprint: 2_64_65535_e863472131c1/Unknown][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA4: t13d1514h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,32,9,5,7,6,3,1,2,0,1,0,0,0,0,0,1,1,4,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,2,0,0,5,0,3,0,1,0,0,7]
+ 3 TCP 10.132.0.23:38152 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][51 pkts/17295 bytes <-> 53 pkts/35335 bytes][Goodput ratio: 79/89][1.44 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/11 260/251 65/38][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 339/667 1418/2646 438/736][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 150][Risk Info: SNI should always be present / h2 / Expected on port 443][TCP Fingerprint: 2_64_65535_e863472131c1/Unknown][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA4: t13d1514h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,27,4,2,5,4,4,1,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,23,0,8,0,0,0,0,4]
diff --git a/tests/cfgs/default/result/vnc.pcap.out b/tests/cfgs/default/result/vnc.pcap.out
index c5b3b2a06..fb25d2344 100644
--- a/tests/cfgs/default/result/vnc.pcap.out
+++ b/tests/cfgs/default/result/vnc.pcap.out
@@ -24,5 +24,5 @@ VNC 4551 329158 2
Acceptable 4551 329158 2
- 1 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RemoteAccess/12][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes][Goodput ratio: 32/1][16.52 sec][bytes ratio: 0.552 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 841/845 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/54 89/88 5/3][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found VNC][TCP Fingerprint: 2_128_8192_8df5eacf1616/Unknown][Plen Bins: 88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RemoteAccess/12][684 pkts/54893 bytes <-> 324 pkts/17720 bytes][Goodput ratio: 32/1][4.15 sec][bytes ratio: 0.512 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/12 538/501 32/43][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/55 89/88 5/4][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found VNC][TCP Fingerprint: 2_128_8192_8df5eacf1616/Unknown][Plen Bins: 90,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RemoteAccess/12][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes][Goodput ratio: 32/1][16.52 sec][bytes ratio: 0.552 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 841/845 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/54 89/88 5/3][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found VNC / Expected on port 5900,5901,5800][TCP Fingerprint: 2_128_8192_8df5eacf1616/Unknown][Plen Bins: 88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RemoteAccess/12][684 pkts/54893 bytes <-> 324 pkts/17720 bytes][Goodput ratio: 32/1][4.15 sec][bytes ratio: 0.512 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/12 538/501 32/43][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/55 89/88 5/4][Risk: ** Known Proto on Non Std Port **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found VNC / Expected on port 5900,5901,5800][TCP Fingerprint: 2_128_8192_8df5eacf1616/Unknown][Plen Bins: 90,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/wa_video.pcap.out b/tests/cfgs/default/result/wa_video.pcap.out
index 080b1b6fc..3510ceb2b 100644
--- a/tests/cfgs/default/result/wa_video.pcap.out
+++ b/tests/cfgs/default/result/wa_video.pcap.out
@@ -36,9 +36,9 @@ Acceptable 780 347731 13
Fun 1 86 1
1 UDP 192.168.2.12:53688 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][347 pkts/223797 bytes <-> 146 pkts/24878 bytes][Goodput ratio: 93/75][22.48 sec][bytes ratio: 0.800 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/77 2891/3013 278/400][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 645/170 1181/1095 402/174][Mapped IP/Port: 80.180.162.48:53046][PLAIN TEXT (hw3@PydH)][Plen Bins: 11,29,10,5,5,0,0,0,0,0,0,0,0,0,14,0,3,0,0,0,0,0,0,0,0,1,1,0,1,3,2,0,2,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.2.12:53688 <-> 91.252.56.51:32641 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][72 pkts/48848 bytes <-> 35 pkts/22821 bytes][Goodput ratio: 94/94][3.05 sec][bytes ratio: 0.363 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/19 707/132 139/32][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 678/652 1160/1140 376/376][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (dBXAnF)][Plen Bins: 1,8,0,8,2,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,1,5,5,14,2,5,1,8,4,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.2.12:53688 <-> 91.252.56.51:32641 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][72 pkts/48848 bytes <-> 35 pkts/22821 bytes][Goodput ratio: 94/94][3.05 sec][bytes ratio: 0.363 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/19 707/132 139/32][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 678/652 1160/1140 376/376][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (dBXAnF)][Plen Bins: 1,8,0,8,2,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,1,5,5,14,2,5,1,8,4,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: Match by IP][FPC: 142/WhatsApp, Confidence: IP address][DPI packets: 22][cat: Chat/9][66 pkts/8810 bytes <-> 67 pkts/11758 bytes][Goodput ratio: 50/62][27.94 sec][bytes ratio: -0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 365/429 6456/7033 1181/1216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/175 1454/1454 183/248][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.866 (Encrypted or Random?)][PLAIN TEXT (AaPKuGR)][Plen Bins: 2,50,0,5,13,17,0,0,2,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]
- 4 UDP 192.168.2.12:53688 -> 1.60.78.64:59491 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][18 pkts/1548 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.75 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 618/0 631/0 695/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.2.12:53688 -> 1.60.78.64:59491 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][18 pkts/1548 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.75 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 618/0 631/0 695/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][2 pkts/764 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][8.20 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.2.12:53688 <-> 157.240.196.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][22.48 sec][Mapped IP/Port: 80.180.162.48:53046][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out
index 0cda0ba68..c6e19311b 100644
--- a/tests/cfgs/default/result/wa_voice.pcap.out
+++ b/tests/cfgs/default/result/wa_voice.pcap.out
@@ -50,13 +50,13 @@ JA3 Host Stats:
1 TCP 192.168.2.12:50504 <-> 157.240.20.52:443 [proto: 91.142/TLS.WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][FPC: 142/WhatsApp, Confidence: DNS][DPI packets: 6][cat: Chat/9][41 pkts/3669 bytes <-> 44 pkts/43871 bytes][Goodput ratio: 27/93][0.41 sec][Hostname/SNI: pps.whatsapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 129/77 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 89/997 583/1454 85/624][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA3C: 7a7a639628f0fe5c7e057628a5bbec5a][JA4: t13d2614h2_2802a3db6c62_c5b8c5b1cdcb][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 8,11,4,0,0,2,2,0,2,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,61,0,0,0,0]
2 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][FPC: 142/WhatsApp, Confidence: DNS][DPI packets: 4][cat: Chat/9][132 pkts/14116 bytes <-> 131 pkts/24439 bytes][Goodput ratio: 38/65][54.73 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 342/421 9349/9387 1279/1420][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/187 393/1454 62/283][TCP Fingerprint: 194_64_65535_d29295416479/macOS][PLAIN TEXT (fd.9LTIP9)][Plen Bins: 1,63,2,3,10,10,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0]
- 3 UDP 91.252.56.51:32704 <-> 192.168.2.12:56328 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][87 pkts/14598 bytes <-> 77 pkts/17336 bytes][Goodput ratio: 75/81][11.91 sec][bytes ratio: -0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 136/121 921/265 137/64][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 168/225 318/331 61/68][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (KEXQD/)][Plen Bins: 6,4,7,27,16,4,11,12,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 91.252.56.51:32704 <-> 192.168.2.12:56328 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][87 pkts/14598 bytes <-> 77 pkts/17336 bytes][Goodput ratio: 75/81][11.91 sec][bytes ratio: -0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 136/121 921/265 137/64][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 168/225 318/331 61/68][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (KEXQD/)][Plen Bins: 6,4,7,27,16,4,11,12,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.2.12:50503 <-> 31.13.86.51:443 [proto: 91.242/TLS.WhatsAppFiles][IP: 142/WhatsApp][Encrypted][Confidence: DPI][FPC: 242/WhatsAppFiles, Confidence: DNS][DPI packets: 6][cat: Download/7][25 pkts/2993 bytes <-> 25 pkts/21759 bytes][Goodput ratio: 44/92][0.39 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 127/126 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/870 583/1454 124/639][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA3C: b92a79ed03c3ff5611abb2305370d3e3][JA4: t13d2615h2_2802a3db6c62_0f2fdc61901b][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 7,14,7,0,0,3,0,0,7,0,3,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0]
5 TCP 192.168.2.12:49354 <-> 17.242.60.84:5223 [proto: 238/ApplePush][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 238/ApplePush, Confidence: DPI][DPI packets: 1][cat: Cloud/13][14 pkts/6933 bytes <-> 10 pkts/1074 bytes][Goodput ratio: 87/39][54.11 sec][bytes ratio: 0.732 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4462/757 43773/5113 12515/1779][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 495/107 1506/215 607/44][Plen Bins: 0,42,14,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,21,0,0]
6 UDP 192.168.2.12:56328 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][21 pkts/2349 bytes <-> 28 pkts/3668 bytes][Goodput ratio: 62/68][34.51 sec][bytes ratio: -0.219 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1959/1447 12194/12196 2978/2626][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 112/131 249/326 64/101][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 40,20,0,20,0,0,8,4,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/1710 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][17.30 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][4 pkts/1528 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][30.05 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 UDP 192.168.2.12:56328 -> 1.60.78.64:64282 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][16 pkts/1376 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 614/0 625/0 643/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP 192.168.2.12:56328 -> 1.60.78.64:64282 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][16 pkts/1376 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 614/0 625/0 643/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 192.168.2.12:56328 <-> 157.240.193.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6151 22207/12302 9311/6151][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP 192.168.2.12:56328 <-> 157.240.196.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6148 22207/12297 9311/6148][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 UDP 192.168.2.12:56328 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/840 bytes <-> 3 pkts/258 bytes][Goodput ratio: 75/51][34.51 sec][bytes ratio: 0.530 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8626/6149 22207/12298 9311/6149][Pkt Len c2s/s2c min/avg/max/stddev: 168/86 168/86 168/86 0/0][Mapped IP/Port: 80.180.162.48:52372][Plen Bins: 0,37,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out
index 4c779faaf..2ad61aa1c 100644
--- a/tests/cfgs/default/result/webex.pcap.out
+++ b/tests/cfgs/default/result/webex.pcap.out
@@ -93,6 +93,6 @@ JA3 Host Stats:
52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 5][cat: Web/5][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: Match by port][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: Match by port][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 3][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/whatsapp_login_call.pcap.out b/tests/cfgs/default/result/whatsapp_login_call.pcap.out
index 29a8d8d07..c093829a6 100644
--- a/tests/cfgs/default/result/whatsapp_login_call.pcap.out
+++ b/tests/cfgs/default/result/whatsapp_login_call.pcap.out
@@ -49,20 +49,20 @@ JA3 Host Stats:
1 192.168.2.4 1
- 1 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][186 pkts/27025 bytes <-> 278 pkts/25895 bytes][Goodput ratio: 71/55][9.73 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/33 198/347 51/47][Pkt Len c2s/s2c min/avg/max/stddev: 68/64 145/93 525/488 100/64][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (zTdFPOk)][Plen Bins: 24,37,19,5,0,1,1,0,3,3,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][141 pkts/17530 bytes <-> 57 pkts/12888 bytes][Goodput ratio: 66/81][7.74 sec][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/124 307/539 63/96][Pkt Len c2s/s2c min/avg/max/stddev: 65/68 124/226 484/552 75/128][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 9,34,26,10,4,1,2,3,1,1,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Chat/9][100 pkts/14711 bytes <-> 80 pkts/10163 bytes][Goodput ratio: 55/48][134.29 sec][bytes ratio: 0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1385/1866 28162/28146 4416/5105][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 147/127 1506/754 238/99][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (iPhone)][Plen Bins: 19,48,10,14,1,1,1,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
- 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/TLS.AppleStore][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 6][cat: SoftwareUpdate/19][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][Goodput ratio: 86/80][34.28 sec][Hostname/SNI: p53-buy.itunes.apple.com][bytes ratio: 0.281 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/108 1665/1391 340/319][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 406/276 1494/1002 489/348][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12d370500_07a749158664_d075105c1994][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 4,8,4,0,0,0,0,4,0,0,16,0,0,0,8,8,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
- 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 7][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][Goodput ratio: 85/90][32.84 sec][Hostname/SNI: query.ess.apple.com][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1909/37 30435/294 7133/82][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 364/563 1494/1494 553/634][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12d370500_07a749158664_d075105c1994][ServerNames: *.ess.apple.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US][Certificate SHA-1: BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B][Validity: 2015-05-06 01:09:47 - 2016-06-04 01:09:47][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 5,11,0,11,0,5,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,45,0,0]
- 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/TLS.AppleStore][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 6][cat: SoftwareUpdate/19][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][Goodput ratio: 85/77][0.94 sec][Hostname/SNI: p53-buy.itunes.apple.com][bytes ratio: 0.271 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/42 225/228 76/81][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 363/236 1494/1002 464/321][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12d370500_07a749158664_d075105c1994][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 6,13,6,0,0,0,0,6,0,0,13,0,0,0,6,6,0,13,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]
+ 1 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][186 pkts/27025 bytes <-> 278 pkts/25895 bytes][Goodput ratio: 71/55][9.73 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/33 198/347 51/47][Pkt Len c2s/s2c min/avg/max/stddev: 68/64 145/93 525/488 100/64][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (zTdFPOk)][Plen Bins: 24,37,19,5,0,1,1,0,3,3,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][141 pkts/17530 bytes <-> 57 pkts/12888 bytes][Goodput ratio: 66/81][7.74 sec][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/124 307/539 63/96][Pkt Len c2s/s2c min/avg/max/stddev: 65/68 124/226 484/552 75/128][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 9,34,26,10,4,1,2,3,1,1,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Chat/9][100 pkts/14711 bytes <-> 80 pkts/10163 bytes][Goodput ratio: 55/48][134.29 sec][bytes ratio: 0.183 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1385/1866 28162/28146 4416/5105][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 147/127 1506/754 238/99][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (iPhone)][Plen Bins: 19,48,10,14,1,1,1,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ 4 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/TLS.AppleStore][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 6][cat: SoftwareUpdate/19][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][Goodput ratio: 86/80][34.28 sec][Hostname/SNI: p53-buy.itunes.apple.com][bytes ratio: 0.281 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/108 1665/1391 340/319][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 406/276 1494/1002 489/348][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12d370500_07a749158664_d075105c1994][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 4,8,4,0,0,0,0,4,0,0,16,0,0,0,8,8,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
+ 5 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 7][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][Goodput ratio: 85/90][32.84 sec][Hostname/SNI: query.ess.apple.com][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1909/37 30435/294 7133/82][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 364/563 1494/1494 553/634][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12d370500_07a749158664_d075105c1994][ServerNames: *.ess.apple.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US][Certificate SHA-1: BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B][Validity: 2015-05-06 01:09:47 - 2016-06-04 01:09:47][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 5,11,0,11,0,5,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,45,0,0]
+ 6 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/TLS.AppleStore][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 6][cat: SoftwareUpdate/19][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][Goodput ratio: 85/77][0.94 sec][Hostname/SNI: p53-buy.itunes.apple.com][bytes ratio: 0.271 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/42 225/228 76/81][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 363/236 1494/1002 464/321][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12d370500_07a749158664_d075105c1994][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 6,13,6,0,0,0,0,6,0,0,13,0,0,0,6,6,0,13,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]
7 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 238/ApplePush, Confidence: DPI][DPI packets: 1][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes][Goodput ratio: 85/39][125.45 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 53/0 12860/12856 101116/101113 33359/33359][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/109 1506/300 467/83][PLAIN TEXT (yfV.nY)][Plen Bins: 0,9,36,0,0,0,9,9,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
- 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 338.45/SRTP.WhatsAppCall][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][12 pkts/2341 bytes <-> 12 pkts/2484 bytes][Goodput ratio: 78/80][29.18 sec][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2192/2122 18656/18299 5822/5720][Pkt Len c2s/s2c min/avg/max/stddev: 64/68 195/207 331/358 98/107][Mapped IP/Port: 79.35.21.197:45156][Plen Bins: 20,8,8,12,0,4,0,20,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 338.45/SRTP.WhatsAppCall][IP: 119/Facebook][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][12 pkts/2341 bytes <-> 12 pkts/2484 bytes][Goodput ratio: 78/80][29.18 sec][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2192/2122 18656/18299 5822/5720][Pkt Len c2s/s2c min/avg/max/stddev: 64/68 195/207 331/358 98/107][Mapped IP/Port: 79.35.21.197:45156][Plen Bins: 20,8,8,12,0,4,0,20,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][59.94 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1255/0 6660/0 9061/0 2880/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][9 pkts/1842 bytes <-> 11 pkts/1151 bytes][Goodput ratio: 79/60][14.33 sec][bytes ratio: 0.231 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 1923/792 6986/6468 2906/2008][Pkt Len c2s/s2c min/avg/max/stddev: 68/64 205/105 331/128 82/23][Mapped IP/Port: 79.35.21.197:38779][Plen Bins: 15,10,40,15,0,0,10,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][4 pkts/2176 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][90.14 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51/IMAPS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 4][cat: Email/3][9 pkts/1130 bytes <-> 8 pkts/868 bytes][Goodput ratio: 47/39][0.94 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/53 105/100 275/162 108/47][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 126/108 236/151 68/42][Plen Bins: 0,0,50,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 13 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][15 pkts/1290 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.85 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 614/0 632/0 667/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][12 pkts/1032 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][6.95 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 625/0 631/0 644/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 13 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][15 pkts/1290 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][8.85 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 614/0 632/0 667/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][12 pkts/1032 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][6.95 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 625/0 631/0 644/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][43.15 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 4795/0 42598/0 13366/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][29.18 sec][Mapped IP/Port: 79.35.21.197:45156][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][29.18 sec][Mapped IP/Port: 79.35.21.197:45156][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -90,7 +90,7 @@ JA3 Host Stats:
39 TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
40 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
41 TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 42 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: Match by port][FPC: 140/Apple, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.28 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 42 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: Match by port][FPC: 140/Apple, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.28 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: Match by port][FPC: 140/Apple, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.30 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: Match by port][FPC: 140/Apple, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: Match by port][FPC: 140/Apple, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.21 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/whatsapp_login_chat.pcap.out b/tests/cfgs/default/result/whatsapp_login_chat.pcap.out
index 59a181b7c..8842dd58a 100644
--- a/tests/cfgs/default/result/whatsapp_login_chat.pcap.out
+++ b/tests/cfgs/default/result/whatsapp_login_chat.pcap.out
@@ -33,8 +33,8 @@ Acceptable 42 6585 6
Fun 1 86 1
1 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 6][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes][Goodput ratio: 91/83][3.89 sec][bytes ratio: 0.415 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 180/27 2803/212 622/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 630/313 1494/1002 544/370][Plen Bins: 0,0,4,0,0,0,0,0,0,0,16,0,0,0,8,4,0,16,0,0,0,0,4,0,0,0,0,0,0,16,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,16,0,0]
- 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes][Goodput ratio: 37/26][19.72 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 1371/2066 10513/10479 2988/3556][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/90 267/144 68/22][TCP Fingerprint: 2_64_65535_09b18f059744/Unknown][PLAIN TEXT (iPhone)][Plen Bins: 21,50,7,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/2095 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][20.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 659/0 4000/0 10199/0 3476/0][Pkt Len c2s/s2c min/avg/max/stddev: 220/0 349/0 375/0 58/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,16,0,0,0,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes][Goodput ratio: 37/26][19.72 sec][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 1371/2066 10513/10479 2988/3556][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/90 267/144 68/22][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (iPhone)][Plen Bins: 21,50,7,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/2095 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][20.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 659/0 4000/0 10199/0 3476/0][Pkt Len c2s/s2c min/avg/max/stddev: 220/0 349/0 375/0 58/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 443][Plen Bins: 0,0,0,0,16,0,0,0,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][25.29 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1983/0 5058/0 8569/0 2765/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.04 sec][PLAIN TEXT ( 3375359593)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.142/DNS.WhatsApp, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44/79][0.03 sec][Hostname/SNI: e12.whatsapp.net][184.173.179.47][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/z3950.pcapng.out b/tests/cfgs/default/result/z3950.pcapng.out
index 034903ca8..9aa9446f8 100644
--- a/tests/cfgs/default/result/z3950.pcapng.out
+++ b/tests/cfgs/default/result/z3950.pcapng.out
@@ -28,4 +28,4 @@ Z3950 31 6308 2
Acceptable 31 6308 2
1 TCP 192.168.2.100:58921 <-> 193.174.240.93:210 [proto: 260/Z3950][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: Network/14][7 pkts/623 bytes <-> 8 pkts/4374 bytes][Goodput ratio: 37/90][1.55 sec][bytes ratio: -0.751 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 293/29 1341/73 524/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/547 170/1506 44/623][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (p.5.4.1 12b)][Plen Bins: 25,0,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
- 2 TCP 192.168.0.20:46524 <-> 129.187.139.43:9991 [proto: 260/Z3950][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Network/14][10 pkts/764 bytes <-> 6 pkts/547 bytes][Goodput ratio: 28/36][76.54 sec][bytes ratio: 0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 1539/3022 9007/9037 3003/4253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 76/91 138/167 32/37][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_192_64240_565ad129ac37/Unknown][PLAIN TEXT (p/5.27.1 872b)][Plen Bins: 0,50,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.0.20:46524 <-> 129.187.139.43:9991 [proto: 260/Z3950][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Network/14][10 pkts/764 bytes <-> 6 pkts/547 bytes][Goodput ratio: 28/36][76.54 sec][bytes ratio: 0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 1539/3022 9007/9037 3003/4253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 76/91 138/167 32/37][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 210][TCP Fingerprint: 2_192_64240_565ad129ac37/Unknown][PLAIN TEXT (p/5.27.1 872b)][Plen Bins: 0,50,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out
index 8a5dd343d..e9f0677be 100644
--- a/tests/cfgs/default/result/zoom.pcap.out
+++ b/tests/cfgs/default/result/zoom.pcap.out
@@ -59,14 +59,14 @@ JA3 Host Stats:
9 TCP 192.168.1.117:54870 <-> 213.244.140.84:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 11][cat: Video/26][16 pkts/1832 bytes <-> 12 pkts/6702 bytes][Goodput ratio: 44/88][0.38 sec][Hostname/SNI: zoomfr84zc.zoom.us][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/40 187/280 49/91][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 114/558 583/1506 129/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][JA4: t12d930700_72a4e8475a2e_4446390ac224][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,8,8,8,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,25,0,0]
10 TCP 192.168.1.117:54864 <-> 52.202.62.238:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 10][cat: Video/26][10 pkts/2030 bytes <-> 8 pkts/6283 bytes][Goodput ratio: 72/93][0.47 sec][Hostname/SNI: log.zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 58/40 110/131 50/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 203/785 812/1506 256/675][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][JA4: t12d8008ht_9cedc1f1428b_046e095b7c4a][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,33,0,0]
11 TCP 192.168.1.117:53872 <-> 35.186.224.53:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 5][cat: Web/5][8 pkts/2017 bytes <-> 8 pkts/4822 bytes][Goodput ratio: 74/89][0.07 sec][bytes ratio: -0.410 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 58/45 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/603 1434/1484 447/585][Plen Bins: 0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0,0]
- 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a795593605a13211941d44505b4d1e39][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
+ 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a795593605a13211941d44505b4d1e39][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
13 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91.239/TLS.GoogleServices, Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.46 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][Goodput ratio: 63/45][0.09 sec][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31/64 32/64 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 178/121 329/121 115/0][Plen Bins: 0,50,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 UDP 192.168.1.117:61731 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DPI][DPI packets: 5][cat: Video/26][4 pkts/372 bytes <-> 4 pkts/290 bytes][Goodput ratio: 55/39][0.11 sec][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/35 28/27 49/47 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 93/72 151/93 40/14][PLAIN TEXT (replace)][Plen Bins: 50,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 UDP 192.168.1.117:60620 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DPI][DPI packets: 5][cat: Video/26][4 pkts/408 bytes <-> 3 pkts/222 bytes][Goodput ratio: 59/41][1.24 sec][bytes ratio: 0.295 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/31 413/16 1209/31 563/16][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 102/74 149/85 33/10][PLAIN TEXT (replace)][Plen Bins: 28,57,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 UDP 192.168.1.117:23903 <-> 162.255.37.14:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 78.189/STUN.Zoom, Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.19 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/9 10/9 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 UDP 192.168.1.117:23903 <-> 162.255.38.14:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 78.189/STUN.Zoom, Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.18 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/10 10/10 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 UDP 192.168.1.117:23903 <-> 162.255.38.14:3479 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 78.189/STUN.Zoom, Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.18 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/10 10/10 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 UDP 192.168.1.117:23903 <-> 162.255.38.14:3479 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 78.189/STUN.Zoom, Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.18 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/10 10/10 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 UDP 192.168.1.117:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/330 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Hostname/SNI: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/321 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: tl-sg116e][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 TCP 192.168.1.117:54341 -> 62.149.152.153:993 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 51/IMAPS, Confidence: DPI][DPI packets: 2][cat: Email/3][2 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][3.59 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -78,7 +78,7 @@ JA3 Host Stats:
28 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.189/DNS.Zoom, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.04 sec][Hostname/SNI: www3.zoom.us][52.202.62.236][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.189/DNS.Zoom, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.04 sec][Hostname/SNI: log.zoom.us][52.202.62.238][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 31 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 UDP 192.168.1.117:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 UDP 192.168.1.117:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 156/Spotify, Confidence: DPI][DPI packets: 1][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 ICMP 192.168.1.117:0 -> 192.168.1.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/disable_protocols/result/soap.pcap.out b/tests/cfgs/disable_protocols/result/soap.pcap.out
index 3545817f5..7218d2299 100644
--- a/tests/cfgs/disable_protocols/result/soap.pcap.out
+++ b/tests/cfgs/disable_protocols/result/soap.pcap.out
@@ -31,4 +31,4 @@ Acceptable 19 9442 2
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Web/5][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.075 (Executable?)][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
- 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.212/HTTP.Microsoft, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
+ 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.212/HTTP.Microsoft, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out
index 845b8e044..bd85fa81c 100644
--- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out
+++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out
@@ -169,7 +169,7 @@ JA3 Host Stats:
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [flowId: 171][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [flowId: 144][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [flowId: 178][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [flowId: 37][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [flowId: 37][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [flowId: 11][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [flowId: 6][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [flowId: 7][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -185,9 +185,9 @@ JA3 Host Stats:
99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [flowId: 176][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0]
100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [flowId: 63][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [flowId: 192][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [flowId: 129][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [flowId: 130][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [flowId: 131][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [flowId: 129][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [flowId: 130][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [flowId: 131][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [flowId: 133][proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [flowId: 137][proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [flowId: 69][proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/fpc_disabled/result/teams.pcap.out b/tests/cfgs/fpc_disabled/result/teams.pcap.out
index 1f2be1708..fce364156 100644
--- a/tests/cfgs/fpc_disabled/result/teams.pcap.out
+++ b/tests/cfgs/fpc_disabled/result/teams.pcap.out
@@ -86,24 +86,24 @@ JA3 Host Stats:
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
- 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
+ 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
- 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
- 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
+ 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
+ 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332][Peer IP/Port: 159.145.24.130:64794][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 UDP 192.168.1.6:50016 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -115,8 +115,8 @@ JA3 Host Stats:
59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out b/tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out
index 34085c79e..2e277b31a 100644
--- a/tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out
+++ b/tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out
@@ -141,7 +141,7 @@ JA3 Host Stats:
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -157,9 +157,9 @@ JA3 Host Stats:
99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0]
100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/guessing_disable/result/webex.pcap.out b/tests/cfgs/guessing_disable/result/webex.pcap.out
index e3188c672..b1bb3ff56 100644
--- a/tests/cfgs/guessing_disable/result/webex.pcap.out
+++ b/tests/cfgs/guessing_disable/result/webex.pcap.out
@@ -95,6 +95,6 @@ JA3 Host Stats:
Undetected flows:
1 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 0/Unknown][IP: 141/Webex][ClearText][Confidence: Unknown][FPC: 141/Webex, Confidence: IP address][DPI packets: 7][14 pkts/1071 bytes <-> 2 pkts/100 bytes][Goodput ratio: 45/16][20.24 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1602/117 8966/117 2266/0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76/50 84/50 14/0][Plen Bins: 31,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 0/Unknown][IP: 141/Webex][ClearText][Confidence: Unknown][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 0/Unknown][IP: 141/Webex][ClearText][Confidence: Unknown][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 0/Unknown][IP: 265/AmazonAWS][ClearText][Confidence: Unknown][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 3][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out
index f8f07b013..57c617fb5 100644
--- a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out
+++ b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out
@@ -140,7 +140,7 @@ JA3 Host Stats:
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -156,9 +156,9 @@ JA3 Host Stats:
99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0]
100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 80][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/pcap/signal_audiocall.pcapng b/tests/cfgs/monitoring/pcap/signal_audiocall.pcapng
new file mode 120000
index 000000000..5d1ee45a3
--- /dev/null
+++ b/tests/cfgs/monitoring/pcap/signal_audiocall.pcapng
@@ -0,0 +1 @@
+../../default/pcap/signal_audiocall.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/monitoring/pcap/signal_videocall.pcapng b/tests/cfgs/monitoring/pcap/signal_videocall.pcapng
new file mode 120000
index 000000000..877fc5615
--- /dev/null
+++ b/tests/cfgs/monitoring/pcap/signal_videocall.pcapng
@@ -0,0 +1 @@
+../../default/pcap/signal_videocall.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/monitoring/pcap/telegram_videocall_2.pcapng b/tests/cfgs/monitoring/pcap/telegram_videocall_2.pcapng
new file mode 120000
index 000000000..b6b385fc7
--- /dev/null
+++ b/tests/cfgs/monitoring/pcap/telegram_videocall_2.pcapng
@@ -0,0 +1 @@
+../../default/pcap/telegram_videocall_2.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/monitoring/pcap/telegram_voice.pcapng b/tests/cfgs/monitoring/pcap/telegram_voice.pcapng
new file mode 120000
index 000000000..83cd1e77f
--- /dev/null
+++ b/tests/cfgs/monitoring/pcap/telegram_voice.pcapng
@@ -0,0 +1 @@
+../../default/pcap/telegram_voice.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out b/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out
new file mode 100644
index 000000000..c3acf8ee7
--- /dev/null
+++ b/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out
@@ -0,0 +1,31 @@
+DPI Packets (UDP): 268 (67.00 pkts/flow)
+Confidence DPI (cache) : 3 (flows)
+Confidence DPI : 1 (flows)
+Num dissector calls: 14 (3.50 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 41/11/3 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 8/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/4 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+SignalVoip 268 50558 4
+
+Acceptable 268 50558 4
+
+ 1 UDP 192.168.12.67:45419 <-> 35.219.226.11:54116 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 178][DPI packets before monitoring: 33][cat: VoIP/10][91 pkts/20258 bytes <-> 87 pkts/18776 bytes][Goodput ratio: 81/81][16.10 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 185/163 2145/2221 406/335][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 223/216 337/337 105/106][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:54116][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (zaziGwgI)][Plen Bins: 6,15,11,11,0,0,0,0,46,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:45419 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 58][DPI packets before monitoring: 33][cat: VoIP/10][29 pkts/3570 bytes <-> 29 pkts/4210 bytes][Goodput ratio: 66/71][19.07 sec][Hostname/SNI: signal.org][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 594/604 2518/2516 688/680][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 123/145 182/182 41/34][Mapped IP/Port: 93.35.168.30:45250, 35.219.226.11:54116, 35.219.252.146:22269, 35.219.226.11:12261][Peer IP/Port: 35.219.226.11:12261, 35.219.226.11:54116, 35.219.226.11:10127][Relayed IP/Port: 35.219.252.146:22269][PLAIN TEXT (BDIbPI2)][Plen Bins: 17,8,15,32,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:45419 <-> 35.219.226.11:12261 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 22][cat: VoIP/10][11 pkts/1238 bytes <-> 11 pkts/1454 bytes][Goodput ratio: 63/68][14.81 sec][bytes ratio: -0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 97/26 1215/1207 2521/2521 1083/1093][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 113/132 146/138 14/12][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:12261][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BV39hIkc1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.12.67:45419 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.03 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/8 2504/2504 9975/9975 4313/4313][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45250][Relayed IP/Port: 35.216.234.234:45312][PLAIN TEXT (sWCyiFie)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/signal_videocall.pcapng.out b/tests/cfgs/monitoring/result/signal_videocall.pcapng.out
new file mode 100644
index 000000000..114fa9b54
--- /dev/null
+++ b/tests/cfgs/monitoring/result/signal_videocall.pcapng.out
@@ -0,0 +1,30 @@
+DPI Packets (UDP): 334 (111.33 pkts/flow)
+Confidence DPI (cache) : 2 (flows)
+Confidence DPI : 1 (flows)
+Num dissector calls: 8 (2.67 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 9/10/2 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 6/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 3/3 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+SignalVoip 334 123259 3
+
+Acceptable 334 123259 3
+
+ 1 UDP 192.168.12.67:47926 <-> 35.219.252.146:56377 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio, Video][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 298][DPI packets before monitoring: 33][cat: VoIP/10][167 pkts/87565 bytes <-> 131 pkts/31930 bytes][Goodput ratio: 92/83][10.75 sec][bytes ratio: 0.466 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/82 2304/2449 291/279][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 524/244 1223/900 385/198][Mapped IP/Port: 93.35.168.30:45266, 35.219.252.146:56377][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (17uAgN)][Plen Bins: 3,28,9,7,0,0,0,0,16,8,1,0,0,1,1,0,1,1,0,1,0,0,0,0,7,3,0,1,0,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:47926 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 26][cat: VoIP/10][13 pkts/1258 bytes <-> 13 pkts/1454 bytes][Goodput ratio: 57/62][10.01 sec][Hostname/SNI: signal.org][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/6 804/804 4015/4015 1248/1248][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 97/112 162/126 43/14][Mapped IP/Port: 93.35.168.30:45265][Peer IP/Port: 35.219.252.146:56377, 35.219.252.146:34099, 35.219.252.146:37175][Relayed IP/Port: 35.219.252.146:40378][PLAIN TEXT (BFODsIPgWuCIX)][Plen Bins: 34,19,30,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:47926 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/4 2503/2503 9988/9988 4321/4321][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45265][Relayed IP/Port: 35.216.234.234:29688][PLAIN TEXT (42oPBlgi)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/stun.pcap.out b/tests/cfgs/monitoring/result/stun.pcap.out
index 8e2d0dc9f..3655c21ed 100644
--- a/tests/cfgs/monitoring/result/stun.pcap.out
+++ b/tests/cfgs/monitoring/result/stun.pcap.out
@@ -38,7 +38,7 @@ JA3 Host Stats:
2 192.168.43.169 1
- 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 75][DPI packets before monitoring: 33][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162, 185.170.139.1:12176, 31.13.86.54:53789, 185.170.139.1:42272, 31.13.86.54:57556][Peer IP/Port: 192.168.0.102:44459, 10.36.43.120:42272, 185.170.139.1:44459, 185.170.139.1:12176, 185.170.139.1:42272, 31.13.86.54:57556][Relayed IP/Port: 31.13.86.54:53789][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 75][DPI packets before monitoring: 33][cat: VoIP/10][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162, 185.170.139.1:12176, 31.13.86.54:53789, 185.170.139.1:42272, 31.13.86.54:57556][Peer IP/Port: 192.168.0.102:44459, 10.36.43.120:42272, 185.170.139.1:44459, 185.170.139.1:12176, 185.170.139.1:42272, 31.13.86.54:57556][Relayed IP/Port: 31.13.86.54:53789][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][cat: VoIP/10][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][Mapped IP/Port: 93.47.225.70:12165][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8][Validity: 2022-03-17 02:11:17 - 2023-03-18 02:11:17][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 42][DPI packets before monitoring: 33][cat: Network/14][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Mapped IP/Port: [2001:1670:c:eb04:70af:f67f:8e49:f603]:56880][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 20][cat: Network/14][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][Mapped IP/Port: 5.37.217.126:37257][Peer IP/Port: 192.168.8.153:60001, 127.0.0.1:38763, 66.55.92.16:64920, 66.55.92.16:58225, 5.162.130.14:16947][Relayed IP/Port: 66.55.92.16:40576][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out b/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out
index 4db3391fb..d441d1813 100644
--- a/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out
+++ b/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out
@@ -35,6 +35,6 @@ JA3 Host Stats:
2 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 74][DPI packets before monitoring: 43][cat: VoIP/10][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Mapped IP/Port: 93.35.171.209:39032][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61][Validity: 2023-06-19 17:32:20 - 2024-06-19 17:32:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 79][DPI packets before monitoring: 43][cat: VoIP/10][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][Mapped IP/Port: 93.35.171.209:39032][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][DPI packets before monitoring: 33][cat: VoIP/10][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39032][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39032][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Mapped IP/Port: 93.35.171.209:39033][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/stun_signal.pcapng.out b/tests/cfgs/monitoring/result/stun_signal.pcapng.out
index c0e4e1197..b71c6ece3 100644
--- a/tests/cfgs/monitoring/result/stun_signal.pcapng.out
+++ b/tests/cfgs/monitoring/result/stun_signal.pcapng.out
@@ -27,8 +27,8 @@ SignalVoip 407 43310 21
Acceptable 460 48496 23
- 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 106][DPI packets before monitoring: 33][cat: VoIP/10][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Mapped IP/Port: 93.47.225.19:11914, 18.195.131.143:61156][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 53][DPI packets before monitoring: 33][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Mapped IP/Port: 93.47.225.19:11932, 18.195.131.143:61498][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 106][DPI packets before monitoring: 33][cat: VoIP/10][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Mapped IP/Port: 93.47.225.19:11914, 18.195.131.143:61156][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 53][DPI packets before monitoring: 33][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Mapped IP/Port: 93.47.225.19:11932, 18.195.131.143:61498][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 ICMP 35.158.183.167:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][30 pkts/2780 bytes <-> 4 pkts/552 bytes][Goodput ratio: 55/69][51.83 sec][bytes ratio: 0.669 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 906/1 7931/1 2120/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: No server to client traffic / Entropy: 5.051 (Executable?)][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 0,88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.169:43068 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 26][DPI packets before monitoring: 7][cat: VoIP/10][13 pkts/1598 bytes <-> 13 pkts/1638 bytes][Goodput ratio: 66/67][31.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2090/2098 10035/10033 3616/3611][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 123/126 174/190 47/25][Mapped IP/Port: 93.47.225.19:11910, 35.158.183.167:64458, 18.195.131.143:61156][Peer IP/Port: 18.195.131.143:61156, 18.195.131.143:52463, 18.195.131.143:57646, 18.195.131.143:58207][Relayed IP/Port: 35.158.183.167:64458][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (xYXlLJQ)][Plen Bins: 19,15,26,30,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.12.169:47767 <-> 35.158.122.211:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 22][DPI packets before monitoring: 7][cat: VoIP/10][11 pkts/1338 bytes <-> 11 pkts/1354 bytes][Goodput ratio: 65/66][22.74 sec][Hostname/SNI: signal.org][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2483/2337 10020/10020 3944/4010][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 122/123 158/190 44/25][Mapped IP/Port: 93.47.225.19:11928, 18.195.131.143:55640][Peer IP/Port: 18.195.131.143:54054, 18.195.131.143:61498, 18.195.131.143:55640, 18.195.131.143:50716][Relayed IP/Port: 35.158.122.211:51358][Rsp Origin IP/Port: 35.158.122.211:3478][Other IP/Port: 35.158.122.211:80][PLAIN TEXT (rMfcsrHE)][Plen Bins: 18,18,27,31,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -41,12 +41,12 @@ Acceptable 460 48496 23
12 UDP 192.168.12.169:47204 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 8][cat: VoIP/10][4 pkts/448 bytes <-> 4 pkts/504 bytes][Goodput ratio: 62/67][4.85 sec][Hostname/SNI: signal.org][bytes ratio: -0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 41/42 1612/1612 4721/4721 2198/2199][Pkt Len c2s/s2c min/avg/max/stddev: 62/110 112/126 158/134 46/10][Mapped IP/Port: 93.47.225.19:11889][Relayed IP/Port: 35.158.183.167:54498][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (nYAy610)][Plen Bins: 25,0,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 UDP 192.168.12.169:37970 -> 35.158.122.211:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 14][cat: VoIP/10][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 984/0 7992/0 2186/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (braaHWB)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 192.168.12.169:47767 -> 35.158.122.211:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 14][cat: VoIP/10][14 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][15.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 982/0 8022/0 2200/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BtotYst)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 UDP 192.168.12.169:37970 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/250 4201/2720 10126/10103 4828/4263][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11929][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BNEmtWH)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 UDP 192.168.12.169:39950 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.40 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/248 4203/2720 10135/10132 4842/4279][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11911][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (quISgYTP)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 UDP 192.168.12.169:43068 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.38 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/249 4201/2720 10128/10128 4837/4277][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11910][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BnDbEJB)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 UDP 192.168.12.169:47767 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 249/250 4202/2720 10130/10105 4830/4264][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11928][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (lbMRpRo)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 UDP 192.168.12.169:47767 <-> 18.195.131.143:54054 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/390 bytes <-> 3 pkts/350 bytes][Goodput ratio: 68/64][0.18 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/4 48/52 90/101 42/48][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 130/117 146/138 17/15][Mapped IP/Port: 93.47.225.19:11928, 18.195.131.143:54054][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (JUrAzE1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 UDP 192.168.12.169:37970 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/250 4201/2720 10126/10103 4828/4263][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11929][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BNEmtWH)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 UDP 192.168.12.169:39950 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.40 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/248 4203/2720 10135/10132 4842/4279][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11911][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (quISgYTP)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 UDP 192.168.12.169:43068 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.38 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 250/249 4201/2720 10128/10128 4837/4277][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11910][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BnDbEJB)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 UDP 192.168.12.169:47767 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][21.39 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 249/250 4202/2720 10130/10105 4830/4264][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.47.225.19:11928][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (lbMRpRo)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 UDP 192.168.12.169:47767 <-> 18.195.131.143:54054 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/390 bytes <-> 3 pkts/350 bytes][Goodput ratio: 68/64][0.18 sec][bytes ratio: 0.054 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/4 48/52 90/101 42/48][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 130/117 146/138 17/15][Mapped IP/Port: 93.47.225.19:11928, 18.195.131.143:54054][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (JUrAzE1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 UDP 192.168.12.169:39518 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][10 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][3.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 64/0 424/0 1928/0 598/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 UDP 192.168.12.169:47204 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][10 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][3.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 63/0 424/0 1928/0 597/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 UDP 192.168.12.169:39518 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.62 sec][Mapped IP/Port: 93.47.225.19:11888][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 UDP 192.168.12.169:47204 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.63 sec][Mapped IP/Port: 93.47.225.19:11889][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 UDP 192.168.12.169:39518 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.62 sec][Mapped IP/Port: 93.47.225.19:11888][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 UDP 192.168.12.169:47204 <-> 172.253.121.127:19302 [proto: 78.269/STUN.SignalVoip][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/148 bytes][Goodput ratio: 32/43][0.63 sec][Mapped IP/Port: 93.47.225.19:11889][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/stun_wa_call.pcapng.out b/tests/cfgs/monitoring/result/stun_wa_call.pcapng.out
index 6f72ef0ad..66065c1ec 100644
--- a/tests/cfgs/monitoring/result/stun_wa_call.pcapng.out
+++ b/tests/cfgs/monitoring/result/stun_wa_call.pcapng.out
@@ -27,14 +27,14 @@ ICMP 1 110 1
Acceptable 591 133689 13
- 1 UDP 192.168.12.156:46652 <-> 93.57.123.227:3478 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 377][DPI packets before monitoring: 17][cat: VoIP/10][171 pkts/28371 bytes <-> 206 pkts/29803 bytes][Goodput ratio: 75/71][31.78 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 178/151 2505/2463 255/222][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 166/145 434/446 100/85][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 93.57.123.227:3478][Plen Bins: 14,41,11,8,2,2,3,2,5,4,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP 192.168.12.156:49526 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 121][DPI packets before monitoring: 33][cat: VoIP/10][48 pkts/12953 bytes <-> 73 pkts/40083 bytes][Goodput ratio: 84/92][14.68 sec][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 191/164 3009/3009 684/623][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 270/549 542/1155 203/421][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.203.62:3478][PLAIN TEXT (dsUmpy)][Plen Bins: 8,18,19,1,0,0,0,0,3,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,2,4,2,1,2,3,4,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 16][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 UDP 192.168.12.156:46652 <-> 93.57.123.227:3478 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 377][DPI packets before monitoring: 17][cat: VoIP/10][171 pkts/28371 bytes <-> 206 pkts/29803 bytes][Goodput ratio: 75/71][31.78 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 178/151 2505/2463 255/222][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 166/145 434/446 100/85][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 93.57.123.227:3478][Plen Bins: 14,41,11,8,2,2,3,2,5,4,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.156:49526 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][Stream Content: Audio, Video][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 121][DPI packets before monitoring: 33][cat: VoIP/10][48 pkts/12953 bytes <-> 73 pkts/40083 bytes][Goodput ratio: 84/92][14.68 sec][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 191/164 3009/3009 684/623][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 270/549 542/1155 203/421][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.203.62:3478][PLAIN TEXT (dsUmpy)][Plen Bins: 8,18,19,1,0,0,0,0,3,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,2,4,2,1,2,3,4,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 16][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.156:46652 <-> 157.240.21.51:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/831 29269/2494 12355/1176][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.21.51:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.12.156:46652 <-> 157.240.195.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 7942/832 29268/2497 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.195.48:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.12.156:46652 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/832 29269/2496 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.203.62:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.12.156:46652 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/833 29269/2497 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Mapped IP/Port: 93.35.171.3:61494][Relayed IP/Port: 157.240.231.62:3478][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.12.156:49526 -> 10.82.40.241:40436 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 20][cat: VoIP/10][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.68 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 548/0 562/0 602/0 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.156:49526 -> 10.82.40.241:40436 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 20][cat: VoIP/10][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.68 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 548/0 562/0 602/0 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 192.168.12.156:49526 <-> 157.240.196.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.196.62:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 192.168.12.156:49526 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.231.62:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP 192.168.12.156:49526 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 179.60.192.48:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/teams.pcap.out b/tests/cfgs/monitoring/result/teams.pcap.out
index 80dc273f2..47e548e61 100644
--- a/tests/cfgs/monitoring/result/teams.pcap.out
+++ b/tests/cfgs/monitoring/result/teams.pcap.out
@@ -86,24 +86,24 @@ JA3 Host Stats:
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
- 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 338.38/SRTP.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 37][DPI packets before monitoring: 33][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332, 80.181.206.72:57543][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
+ 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 338.38/SRTP.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 37][DPI packets before monitoring: 33][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332, 80.181.206.72:57543][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 125/Skype_Teams, Confidence: DNS][DPI packets: 5][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
- 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
- 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
+ 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
+ 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333, 52.114.250.137:3480][Peer IP/Port: 18.140.192.228:28678, 45.143.25.227:20229, 201.221.32.65:43863][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][Mapped IP/Port: 93.71.110.205:16332, 52.114.250.141:3480][Peer IP/Port: 159.145.24.130:64794, 253.62.53.33:40885, 22.64.154.119:29899][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 8][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333, 80.181.206.72:61310][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 8][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Mapped IP/Port: 93.71.110.205:16333, 80.181.206.72:61310][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 UDP 192.168.1.6:50016 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.141:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 3][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][Mapped IP/Port: 52.114.250.137:3480][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -115,8 +115,8 @@ JA3 Host Stats:
59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.219/DNS.Microsoft365, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.8:3479][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Mapped IP/Port: 52.114.252.21:3480][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.26/DNS.ntop, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/telegram_videocall.pcapng.out b/tests/cfgs/monitoring/result/telegram_videocall.pcapng.out
index 5d141a34a..8018e2c6f 100644
--- a/tests/cfgs/monitoring/result/telegram_videocall.pcapng.out
+++ b/tests/cfgs/monitoring/result/telegram_videocall.pcapng.out
@@ -41,27 +41,27 @@ Acceptable 883 382822 33
1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.257 (Encrypted Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (MMHu@J)][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.638 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (elySaT)][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 114][DPI packets before monitoring: 33][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Mapped IP/Port: 93.47.225.70:11624, 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][Stream Content: Audio, Video][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 114][DPI packets before monitoring: 33][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Mapped IP/Port: 93.47.225.70:11624, 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.12.169:40832 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][18 pkts/2256 bytes <-> 15 pkts/13705 bytes][Goodput ratio: 47/93][28.20 sec][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/280 2909/2997 746/859][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 125/914 644/1294 150/495][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.526 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (lmd/HB)][Plen Bins: 0,0,0,0,6,6,6,0,0,0,6,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.12.169:46862 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][11 pkts/1963 bytes <-> 8 pkts/2558 bytes][Goodput ratio: 63/79][10.13 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1124/32 9909/87 3106/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/320 452/670 155/261][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.322 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,11,0,22,0,0,0,0,22,0,11,0,0,0,11,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.12.169:46866 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][9 pkts/1879 bytes <-> 6 pkts/1822 bytes][Goodput ratio: 68/78][10.11 sec][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/30 1440/34 9925/41 3464/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 209/304 436/839 161/306][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.504 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,14,0,0,0,14,0,14,0,28,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 18][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Mapped IP/Port: 93.47.225.70:11618, 93.36.13.115:35520][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 93.36.13.115:35520, 91.108.9.35:65410][Relayed IP/Port: 91.108.9.35:56058][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 13][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 13][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 18][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Mapped IP/Port: 93.47.225.70:11618, 93.36.13.115:35520][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 93.36.13.115:35520, 91.108.9.35:65410][Relayed IP/Port: 91.108.9.35:56058][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 13][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 13][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 192.168.12.169:40834 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][5 pkts/788 bytes <-> 3 pkts/890 bytes][Goodput ratio: 57/77][0.17 sec][bytes ratio: -0.061 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/47 24/68 42/90 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/297 315/750 110/321][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.107 (Compressed Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11619][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 91.108.9.35:65410][Relayed IP/Port: 91.108.13.23:62318][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11620][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 91.108.9.35:65410][Relayed IP/Port: 91.108.17.2:45408][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11619][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 91.108.9.35:65410][Relayed IP/Port: 91.108.13.23:62318][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11620][Peer IP/Port: 10.46.103.200:42554, 93.36.13.115:35393, 91.108.9.35:65410][Relayed IP/Port: 91.108.17.2:45408][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 192.168.12.169:37966 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][5 pkts/1117 bytes <-> 3 pkts/464 bytes][Goodput ratio: 70/55][0.15 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 20/62 33/91 13/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 223/155 532/324 196/120][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.574 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,33,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11623][Relayed IP/Port: 91.108.17.2:35898][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11622][Relayed IP/Port: 91.108.13.23:34290][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11621][Relayed IP/Port: 91.108.9.35:63273][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 UDP 192.168.12.169:40906 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/248 bytes <-> 2 pkts/244 bytes][Goodput ratio: 66/65][0.13 sec][Mapped IP/Port: 93.47.225.70:11616, 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 UDP 192.168.12.169:40906 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 UDP 192.168.12.169:40906 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.28 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (RBkPSgr)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 20 UDP 192.168.12.169:40906 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 21 UDP 192.168.12.169:42197 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BZOyNeHQUCZIf)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11623][Relayed IP/Port: 91.108.17.2:35898][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11622][Relayed IP/Port: 91.108.13.23:34290][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11621][Relayed IP/Port: 91.108.9.35:63273][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 UDP 192.168.12.169:40906 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/248 bytes <-> 2 pkts/244 bytes][Goodput ratio: 66/65][0.13 sec][Mapped IP/Port: 93.47.225.70:11616, 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 UDP 192.168.12.169:40906 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 UDP 192.168.12.169:40906 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.28 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (RBkPSgr)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 20 UDP 192.168.12.169:40906 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11616][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 21 UDP 192.168.12.169:42197 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.9.35:1400][Other IP/Port: 10.67.66.99:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BZOyNeHQUCZIf)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.13.23:1400][Other IP/Port: 10.160.194.103:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Mapped IP/Port: 93.47.225.70:11617][Rsp Origin IP/Port: 91.108.17.2:1400][Other IP/Port: 10.130.194.98:1401][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 UDP 192.168.12.1:17500 -> 192.168.12.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][30.01 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 TCP 18.195.162.93:443 <-> 192.168.12.169:38956 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/163 bytes <-> 2 pkts/132 bytes][Goodput ratio: 19/0][5.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 TCP 192.168.12.169:40710 <-> 52.58.18.25:5222 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/144 bytes <-> 2 pkts/144 bytes][Goodput ratio: 8/8][0.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -69,7 +69,7 @@ Acceptable 883 382822 33
28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.590 (Executable?)][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.612 (Executable?)][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 ICMP 192.168.12.169:0 -> 91.108.17.2:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.01 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.737 (Executable?)][PLAIN TEXT (KHOirrFTCqEz)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 UDP [fe80::abe:acff:fe0b:176e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 ICMPV6 [fe80::abe:acff:fe0b:176e]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out b/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out
new file mode 100644
index 000000000..1414781f6
--- /dev/null
+++ b/tests/cfgs/monitoring/result/telegram_videocall_2.pcapng.out
@@ -0,0 +1,41 @@
+DPI Packets (UDP): 257 (32.12 pkts/flow)
+Confidence DPI : 8 (flows)
+Num dissector calls: 204 (25.50 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 9/18/0 (insert/search/found)
+LRU cache tls_cert: 0/1/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/0/0 (insert/search/found)
+Automa host: 2/0 (search/found)
+Automa domain: 2/0 (search/found)
+Automa tls cert: 1/0 (search/found)
+Automa risk mask: 1/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 12/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 1/0 (search/found)
+Patricia protocols: 8/6 (search/found)
+Patricia protocols IPv6: 2/0 (search/found)
+
+MDNS 2 194 2
+STUN 8 560 2
+Telegram 61 9370 3
+TelegramVoip 244 121141 1
+
+Acceptable 315 131265 8
+
+JA3 Host Stats:
+ IP Address # JA3C
+
+
+ 1 UDP 192.168.12.67:39968 <-> 91.108.9.106:1400 [proto: 30.355/DTLS.TelegramVoip][IP: 185/Telegram][Stream Content: Audio, Video][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 244][DPI packets before monitoring: 43][cat: VoIP/10][124 pkts/50596 bytes <-> 120 pkts/70545 bytes][Goodput ratio: 90/93][2.48 sec][Hostname/SNI: telegram.org][bytes ratio: -0.165 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/20 633/629 67/66][Pkt Len c2s/s2c min/avg/max/stddev: 70/84 408/588 1253/1235 406/467][Mapped IP/Port: 93.35.170.144:39295, 91.108.9.106:37674, 91.108.9.106:52874][Peer IP/Port: 91.108.9.106:52874][Relayed IP/Port: 91.108.9.106:37674][Risk: ** Self-signed Cert **** TLS Cert About To Expire **][Risk Score: 150][Risk Info: 17/Nov/2024 16:19:00 - 18/Dec/2024 16:19:00 / CN=WebRTC][DTLSv1.2][JA3S: 6431b01c80e20aa21a6d7a54b248a3bf][Issuer: CN=WebRTC][Subject: CN=WebRTC][Certificate SHA-1: 27:83:F6:62:B2:02:79:6C:C7:B9:73:6C:DA:79:A5:2F:71:48:C3:83][Validity: 2024-11-17 16:19:00 - 2024-12-18 16:19:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (1/talggGwr)][Plen Bins: 0,22,11,4,10,2,6,1,7,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,3,6,4,2,0,0,1,4,6,3,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:44275 <-> 91.108.9.10:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][17 pkts/2958 bytes <-> 16 pkts/2740 bytes][Goodput ratio: 76/75][2.07 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 85/139 514/688 135/213][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 174/171 638/614 119/118][PLAIN TEXT (OUePGE4)][Plen Bins: 0,6,42,39,3,3,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:42417 <-> 91.108.13.26:598 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][9 pkts/1266 bytes <-> 9 pkts/1154 bytes][Goodput ratio: 70/67][1.72 sec][bytes ratio: 0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 51/42 198/214 514/512 144/169][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 141/128 162/162 33/15][PLAIN TEXT (03U/SsH)][Plen Bins: 0,11,50,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.12.67:46675 <-> 91.108.17.8:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][5 pkts/650 bytes <-> 5 pkts/602 bytes][Goodput ratio: 68/65][1.68 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 191/190 333/382 514/569 125/162][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 130/120 162/130 39/12][Plen Bins: 0,20,50,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 192.168.12.67:39329 -> 91.108.13.3:1400 [proto: 78/STUN][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][1.75 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 UDP 192.168.12.67:44679 -> 91.108.17.49:1400 [proto: 78/STUN][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][1.75 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (sENzap5)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP [fe80::76da:38ff:feed:5332]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/result/telegram_voice.pcapng.out b/tests/cfgs/monitoring/result/telegram_voice.pcapng.out
new file mode 100644
index 000000000..48d347a99
--- /dev/null
+++ b/tests/cfgs/monitoring/result/telegram_voice.pcapng.out
@@ -0,0 +1,41 @@
+DPI Packets (UDP): 780 (86.67 pkts/flow)
+DPI Packets (other): 1 (1.00 pkts/flow)
+Confidence DPI : 10 (flows)
+Num dissector calls: 206 (20.60 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 21/24/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 1/0/0 (insert/search/found)
+Automa host: 4/2 (search/found)
+Automa domain: 4/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 4/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 16/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 1/0 (search/found)
+Patricia protocols: 11/7 (search/found)
+Patricia protocols IPv6: 2/0 (search/found)
+
+MDNS 2 194 2
+ICMP 5 812 1
+Telegram 86 17936 3
+GoogleServices 2 208 1
+TelegramVoip 773 144403 3
+
+Acceptable 868 163553 10
+
+ 1 UDP 192.168.12.67:42567 <-> 91.108.9.34:1400 [proto: 30.355/DTLS.TelegramVoip][IP: 185/Telegram][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 742][DPI packets before monitoring: 43][cat: VoIP/10][401 pkts/72973 bytes <-> 341 pkts/67660 bytes][Goodput ratio: 77/79][14.03 sec][Hostname/SNI: telegram.org][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/37 364/362 30/30][Pkt Len c2s/s2c min/avg/max/stddev: 70/84 182/198 329/330 82/86][Mapped IP/Port: 93.35.170.144:39263, 91.108.9.34:51052, 91.108.9.34:47026][Peer IP/Port: 91.108.9.34:47026][Relayed IP/Port: 91.108.9.34:51052][PLAIN TEXT (Unauthorized)][Plen Bins: 0,28,6,5,5,1,6,21,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.12.67:41011 <-> 91.108.9.68:596 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][12 pkts/2100 bytes <-> 60 pkts/14416 bytes][Goodput ratio: 76/83][10.53 sec][bytes ratio: -0.746 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 55/27 245/216 71/45][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 175/240 614/682 138/121][PLAIN TEXT (kWpcVUz)][Plen Bins: 0,4,28,20,2,1,1,2,35,2,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.67:46013 <-> 91.108.13.52:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 16][cat: VoIP/10][10 pkts/1084 bytes <-> 6 pkts/804 bytes][Goodput ratio: 61/69][12.44 sec][Hostname/SNI: telegram.org][bytes ratio: 0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/0 1188/0 4001/0 1191/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 108/134 166/134 47/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (v/cApISKdp)][Plen Bins: 37,0,37,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 192.168.12.67:44405 <-> 91.108.17.41:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 15][cat: VoIP/10][11 pkts/1346 bytes <-> 4 pkts/536 bytes][Goodput ratio: 66/69][12.70 sec][Hostname/SNI: telegram.org][bytes ratio: 0.430 (Upload)][IAT c2s/s2c min/avg/max/stddev: 251/0 1355/0 4002/0 1120/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/134 122/134 166/134 48/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BIWk/i)][Plen Bins: 33,0,26,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP 192.168.12.67:39027 <-> 91.108.13.51:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][4 pkts/376 bytes <-> 4 pkts/480 bytes][Goodput ratio: 55/65][10.63 sec][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 36/88 3502/3502 9969/10006 4577/4601][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 94/120 130/162 21/24][PLAIN TEXT (BDlMWdxrdJP)][Plen Bins: 0,37,50,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 ICMP 192.168.12.67:0 -> 91.108.9.34:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/812 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.07 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 6.979 (Compressed Executable?)][PLAIN TEXT (XYRpDQCom)][Plen Bins: 0,0,20,60,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.12.67:46868 <-> 91.108.17.7:597 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: DPI][DPI packets: 1][cat: Chat/9][3 pkts/246 bytes <-> 3 pkts/318 bytes][Goodput ratio: 49/60][10.65 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 500/500 5253/5253 10006/10006 4753/4753][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.67:44574 <-> 192.168.12.1:53 [proto: 5.239/DNS.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.239/DNS.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/96 bytes <-> 1 pkts/112 bytes][Goodput ratio: 56/62][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][0.0.0.0][PLAIN TEXT (crashlyticsreports)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP [fe80::76da:38ff:feed:5332]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out b/tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out
index 6277fe85f..6e4f4a99b 100644
--- a/tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out
+++ b/tests/cfgs/openvpn_heuristic_enabled/result/openvpn_obfuscated.pcapng.out
@@ -28,4 +28,4 @@ Acceptable 177 53289 3
1 TCP 107.161.86.131:443 <-> 192.168.12.156:48072 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 40][cat: VPN/2][40 pkts/9272 bytes <-> 47 pkts/16197 bytes][Goodput ratio: 70/81][3.15 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 212/303 66/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/345 1514/1090 370/406][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (MhLYoT)][Plen Bins: 35,3,3,15,1,1,0,0,1,3,5,1,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,18,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
2 TCP 192.168.12.156:37976 <-> 185.128.25.99:465 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 19][cat: VPN/2][29 pkts/7410 bytes <-> 31 pkts/9812 bytes][Goodput ratio: 74/79][1.73 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/26 1019/153 204/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 256/317 1090/1514 256/424][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated OpenVPN / Expected on port 1194][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (HrFTzP)][Plen Bins: 0,0,14,30,14,2,0,2,5,0,5,5,2,0,0,2,0,0,0,0,0,2,0,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
- 3 UDP 192.168.12.156:47128 <-> 149.102.238.108:1214 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 10][cat: VPN/2][19 pkts/3629 bytes <-> 11 pkts/6969 bytes][Goodput ratio: 78/93][1.26 sec][bytes ratio: -0.315 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/132 1156/1023 278/337][Pkt Len c2s/s2c min/avg/max/stddev: 115/136 191/634 782/1158 153/438][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Entropy: 6.051 (Executable?) / Obfuscated OpenVPN][PLAIN TEXT (SFhAFI)][Plen Bins: 0,0,23,41,3,0,0,0,3,0,3,6,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.156:47128 <-> 149.102.238.108:1214 [proto: 159.426/OpenVPN.NordVPN][IP: 426/NordVPN][Encrypted][Confidence: DPI (aggressive)][FPC: 426/NordVPN, Confidence: IP address][DPI packets: 10][cat: VPN/2][19 pkts/3629 bytes <-> 11 pkts/6969 bytes][Goodput ratio: 78/93][1.26 sec][bytes ratio: -0.315 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/132 1156/1023 278/337][Pkt Len c2s/s2c min/avg/max/stddev: 115/136 191/634 782/1158 153/438][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Entropy: 6.051 (Executable?) / Obfuscated OpenVPN / Expected on port 1194][PLAIN TEXT (SFhAFI)][Plen Bins: 0,0,23,41,3,0,0,0,3,0,3,6,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out b/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out
index 1265bc4c6..5fe7ad3db 100644
--- a/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out
+++ b/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out
@@ -86,24 +86,24 @@ JA3 Host Stats:
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
- 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
+ 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 125/Skype_Teams, Confidence: DNS][DPI packets: 5][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
- 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
- 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
+ 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
+ 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 TCP 93.62.150.157:443 <-> 192.168.1.6:60512 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/1258 bytes <-> 2 pkts/108 bytes][Goodput ratio: 89/0][< 1 sec][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
46 UDP 192.168.1.6:50017 <-> 52.114.250.141:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 99/97 2002/2002 3906/3906 1904/1904][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 UDP 192.168.1.6:50037 <-> 52.114.250.137:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/594 bytes <-> 3 pkts/611 bytes][Goodput ratio: 79/79][4.05 sec][bytes ratio: -0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 95/94 2000/2000 3905/3905 1905/1906][Pkt Len c2s/s2c min/avg/max/stddev: 110/187 198/204 256/229 63/18][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,16,0,33,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 48 UDP 93.71.110.205:16333 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/414 bytes <-> 5 pkts/634 bytes][Goodput ratio: 69/67][2.31 sec][bytes ratio: -0.210 (Download)][IAT c2s/s2c min/avg/max/stddev: 101/15 634/572 1166/1168 532/565][Pkt Len c2s/s2c min/avg/max/stddev: 130/88 138/127 154/158 11/27][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,25,37,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 49 UDP 192.168.1.6:50016 -> 192.168.0.4:50005 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 50 UDP 192.168.1.6:50036 -> 192.168.0.4:50020 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][5 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][1.22 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 UDP 192.168.1.6:50016 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 UDP 192.168.1.6:50036 <-> 52.114.250.123:3478 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/110 bytes <-> 2 pkts/424 bytes][Goodput ratio: 61/80][0.12 sec][PLAIN TEXT (The request did not contain a M)][Plen Bins: 0,0,33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -115,8 +115,8 @@ JA3 Host Stats:
59 UDP 192.168.1.6:57504 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/92 bytes <-> 1 pkts/222 bytes][Goodput ratio: 54/81][0.04 sec][Hostname/SNI: chatsvcagg.svcs.teams.office.com][52.114.88.59][PLAIN TEXT (chatsvcagg)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
60 UDP 192.168.1.6:58457 <-> 192.168.1.1:53 [proto: 5.219/DNS.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.219/DNS.Microsoft365, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/236 bytes][Goodput ratio: 46/82][0.01 sec][Hostname/SNI: outlook.office.com][13.107.18.11][PLAIN TEXT (outlook)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
61 UDP 192.168.1.6:50653 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/216 bytes][Goodput ratio: 55/80][0.03 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][52.114.77.136][PLAIN TEXT (flightproxy)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 62 UDP 52.114.252.8:3479 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 63 UDP 52.114.252.21:3480 <-> 192.168.1.6:50036 [proto: 78.38/STUN.Skype_TeamsCall][IP: 276/Azure][Stream Content: Video][ClearText][Confidence: DPI][FPC: 78.38/STUN.Skype_TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/166 bytes <-> 1 pkts/142 bytes][Goodput ratio: 74/70][0.01 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.1.6:64046 <-> 192.168.1.1:53 [proto: 5.26/DNS.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.26/DNS.ntop, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/166 bytes <-> 1 pkts/136 bytes][Goodput ratio: 49/69][1.01 sec][Hostname/SNI: b._dns-sd._udp.ntop.org][0.0.0.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (postmaster)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 UDP 192.168.1.6:63106 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/203 bytes][Goodput ratio: 55/79][0.03 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][52.114.75.70][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
66 UDP 192.168.1.6:61245 <-> 192.168.1.1:53 [proto: 5.250/DNS.Teams][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.250/DNS.Teams, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/209 bytes][Goodput ratio: 51/80][0.05 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][52.114.250.123][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (microsoft)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out
index ddd960b67..5782e9a0b 100644
--- a/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out
+++ b/tests/cfgs/stun_extra_dissection/result/lru_ipv6_caches.pcapng.out
@@ -37,11 +37,11 @@ JA3 Host Stats:
2 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44144 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.16 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
3 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44150 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
4 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44192 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
- 5 UDP [2a2f:8509:1cb2:466d:ecbf:69d6:109c:608]:62229 -> [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/2397 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1249/0 8358/0 2694/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 266/0 610/0 243/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 44,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 UDP [2a2f:8509:1cb2:466d:ecbf:69d6:109c:608]:62229 -> [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][9 pkts/2397 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1249/0 8358/0 2694/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 266/0 610/0 243/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (added.f)][Plen Bins: 44,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP [3069:c624:1d42:9469:98b1:67ff:fe43:325]:56131 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 11][cat: VoIP/10][11 pkts/1958 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][2.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/0 236/0 1183/0 350/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 178/0 214/0 41/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BHBeRjaHJ)][Plen Bins: 9,0,18,0,72,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP [2118:ec33:112b:7908:2c80:27ff:fef7:d71f]:48415 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 11][cat: VoIP/10][11 pkts/1742 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][2.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 279/0 1388/0 400/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 158/0 214/0 51/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (NGuJOnsW)][Plen Bins: 18,0,36,0,45,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27]:60506 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][11 pkts/1319 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][6.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 670/0 2769/0 758/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 120/0 431/0 99/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 72,18,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][8.49 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 10 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [38b2:46b7:27a4:94c3:c134:948:e069:d71f]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][20.08 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27]:60506 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][11 pkts/1319 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][6.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 670/0 2769/0 758/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 120/0 431/0 99/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (added.f)][Plen Bins: 72,18,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][8.49 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [38b2:46b7:27a4:94c3:c134:948:e069:d71f]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][20.08 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP [3297:a1af:5121:cfc:360b:2e07:872f:1ea0]:43865 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 2][cat: VoIP/10][2 pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][0.26 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BZ9/sp6)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83]:1 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp.pcapng.out b/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp.pcapng.out
index c856d6cd6..c4ece6066 100644
--- a/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp.pcapng.out
+++ b/tests/cfgs/stun_extra_dissection/result/stun_dtls_rtp.pcapng.out
@@ -31,5 +31,5 @@ JA3 Host Stats:
2 192.168.12.182 1
- 1 TCP 192.168.12.182:50221 <-> 142.250.82.249:3478 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 63][cat: VoIP/10][28 pkts/3492 bytes <-> 35 pkts/14442 bytes][Goodput ratio: 56/87][0.89 sec][Hostname/SNI: turn.l.google.com][bytes ratio: -0.611 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/13 55/55 17/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/413 250/1162 71/442][Mapped IP/Port: 93.35.170.27:64994][Peer IP/Port: 10.13.0.50:1259][Relayed IP/Port: 10.13.0.62:15530][Risk: ** TLS Cert About To Expire **][Risk Score: 50][Risk Info: 16/Mar/2024 12:47:23 - 16/Apr/2024 12:47:23][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 717ecda0d920dc848680e6da69fb0468][Issuer: CN=WebRTC][Subject: CN=WebRTC][Certificate SHA-1: 33:D9:F2:88:62:62:B0:C4:A1:20:72:CA:BF:CF:E7:69:A0:9E:0F:94][Validity: 2024-03-16 12:47:23 - 2024-04-16 12:47:23][Cipher: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256][PLAIN TEXT (Lvsrdelc)][Plen Bins: 2,2,12,15,21,10,2,0,0,0,5,0,0,0,0,0,0,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 192.168.12.182:50221 <-> 142.250.82.249:3478 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Video][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 63][cat: VoIP/10][28 pkts/3492 bytes <-> 35 pkts/14442 bytes][Goodput ratio: 56/87][0.89 sec][Hostname/SNI: turn.l.google.com][bytes ratio: -0.611 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/13 55/55 17/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/413 250/1162 71/442][Mapped IP/Port: 93.35.170.27:64994][Peer IP/Port: 10.13.0.50:1259][Relayed IP/Port: 10.13.0.62:15530][Risk: ** TLS Cert About To Expire **][Risk Score: 50][Risk Info: 16/Mar/2024 12:47:23 - 16/Apr/2024 12:47:23][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 717ecda0d920dc848680e6da69fb0468][Issuer: CN=WebRTC][Subject: CN=WebRTC][Certificate SHA-1: 33:D9:F2:88:62:62:B0:C4:A1:20:72:CA:BF:CF:E7:69:A0:9E:0F:94][Validity: 2024-03-16 12:47:23 - 2024-04-16 12:47:23][Cipher: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256][PLAIN TEXT (Lvsrdelc)][Plen Bins: 2,2,12,15,21,10,2,0,0,0,5,0,0,0,0,0,0,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:37967 <-> 142.250.82.76:19305 [proto: 30.404/DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 39][cat: VoIP/10][25 pkts/4202 bytes <-> 14 pkts/4211 bytes][Goodput ratio: 75/86][0.88 sec][bytes ratio: -0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/35 203/107 47/36][Pkt Len c2s/s2c min/avg/max/stddev: 103/82 168/301 587/1245 125/320][Mapped IP/Port: 93.35.171.3:61536][DTLSv1.2][JA3C: c14667d7da3e6f7a7ab5519ef78c2452][JA4: dd2d110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: AF:DD:BF:F5:59:23:0C:D1:B0:9F:B1:04:2E:89:DF:4C:1B:AB:BE:CC][Validity: 2022-11-30 17:35:18 - 2023-12-01 17:35:18][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (ShSURJhNF)][Plen Bins: 0,5,47,30,2,0,0,0,0,0,0,0,0,2,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/stun_only_peer_address_enabled/result/stun_wa_call.pcapng.out b/tests/cfgs/stun_only_peer_address_enabled/result/stun_wa_call.pcapng.out
index 1f6aa6d45..9e1285fab 100644
--- a/tests/cfgs/stun_only_peer_address_enabled/result/stun_wa_call.pcapng.out
+++ b/tests/cfgs/stun_only_peer_address_enabled/result/stun_wa_call.pcapng.out
@@ -29,12 +29,12 @@ Acceptable 591 133689 13
1 UDP 192.168.12.156:46652 <-> 93.57.123.227:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][171 pkts/28371 bytes <-> 206 pkts/29803 bytes][Goodput ratio: 75/71][31.78 sec][bytes ratio: -0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 178/151 2505/2463 255/222][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 166/145 434/446 100/85][Plen Bins: 14,41,11,8,2,2,3,2,5,4,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:49526 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][48 pkts/12953 bytes <-> 73 pkts/40083 bytes][Goodput ratio: 84/92][14.68 sec][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 191/164 3009/3009 684/623][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 270/549 542/1155 203/421][PLAIN TEXT (dsUmpy)][Plen Bins: 8,18,19,1,0,0,0,0,3,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,2,4,2,1,2,3,4,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.156:49526 <-> 93.33.118.87:41107 [proto: 338.45/SRTP.WhatsAppCall][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][8 pkts/3465 bytes <-> 8 pkts/5392 bytes][Goodput ratio: 90/94][0.38 sec][bytes ratio: -0.218 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/35 124/160 55/59][Pkt Len c2s/s2c min/avg/max/stddev: 75/86 433/674 997/876 437/340][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,38,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,18,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.156:46652 <-> 157.240.21.51:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/831 29269/2494 12355/1176][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.12.156:46652 <-> 157.240.195.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 7942/832 29268/2497 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.12.156:46652 <-> 157.240.203.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/832 29269/2496 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.12.156:46652 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][5 pkts/1398 bytes <-> 4 pkts/440 bytes][Goodput ratio: 85/62][31.77 sec][bytes ratio: 0.521 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7942/833 29269/2497 12355/1177][Pkt Len c2s/s2c min/avg/max/stddev: 254/110 280/110 314/110 28/0][Plen Bins: 0,0,44,0,0,0,33,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.12.156:49526 -> 10.82.40.241:40436 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.68 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 548/0 562/0 602/0 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.156:49526 -> 10.82.40.241:40436 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.68 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 548/0 562/0 602/0 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 192.168.12.156:49526 <-> 157.240.196.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 UDP 192.168.12.156:49526 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP 192.168.12.156:49526 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/stun_only_peer_address_enabled/result/telegram_videocall.pcapng.out b/tests/cfgs/stun_only_peer_address_enabled/result/telegram_videocall.pcapng.out
index 6635dade8..8e41f5351 100644
--- a/tests/cfgs/stun_only_peer_address_enabled/result/telegram_videocall.pcapng.out
+++ b/tests/cfgs/stun_only_peer_address_enabled/result/telegram_videocall.pcapng.out
@@ -41,27 +41,27 @@ Acceptable 883 382822 33
1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.257 (Encrypted Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (MMHu@J)][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.638 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (elySaT)][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.12.169:40832 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][18 pkts/2256 bytes <-> 15 pkts/13705 bytes][Goodput ratio: 47/93][28.20 sec][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/280 2909/2997 746/859][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 125/914 644/1294 150/495][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.526 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (lmd/HB)][Plen Bins: 0,0,0,0,6,6,6,0,0,0,6,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.12.169:46862 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][11 pkts/1963 bytes <-> 8 pkts/2558 bytes][Goodput ratio: 63/79][10.13 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1124/32 9909/87 3106/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/320 452/670 155/261][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.322 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,11,0,22,0,0,0,0,22,0,11,0,0,0,11,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.12.169:46866 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][9 pkts/1879 bytes <-> 6 pkts/1822 bytes][Goodput ratio: 68/78][10.11 sec][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/30 1440/34 9925/41 3464/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 209/304 436/839 161/306][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.504 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,14,0,0,0,14,0,14,0,28,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Peer IP/Port: 10.46.103.200:42554][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Peer IP/Port: 10.46.103.200:42554][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 192.168.12.169:40834 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][5 pkts/788 bytes <-> 3 pkts/890 bytes][Goodput ratio: 57/77][0.17 sec][bytes ratio: -0.061 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/47 24/68 42/90 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/297 315/750 110/321][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.107 (Compressed Executable?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Peer IP/Port: 10.46.103.200:42554][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Peer IP/Port: 10.46.103.200:42554][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Peer IP/Port: 10.46.103.200:42554][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Peer IP/Port: 10.46.103.200:42554][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 192.168.12.169:37966 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][FPC: 185/Telegram, Confidence: IP address][DPI packets: 4][cat: Chat/9][5 pkts/1117 bytes <-> 3 pkts/464 bytes][Goodput ratio: 70/55][0.15 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 20/62 33/91 13/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 223/155 532/324 196/120][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.574 (Encrypted or Random?)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,33,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 UDP 192.168.12.169:40906 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/248 bytes <-> 2 pkts/244 bytes][Goodput ratio: 66/65][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 UDP 192.168.12.169:40906 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 UDP 192.168.12.169:40906 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.28 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (RBkPSgr)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 20 UDP 192.168.12.169:40906 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 21 UDP 192.168.12.169:42197 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BZOyNeHQUCZIf)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 UDP 192.168.12.169:40906 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][FPC: 78.355/STUN.TelegramVoip, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/248 bytes <-> 2 pkts/244 bytes][Goodput ratio: 66/65][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 UDP 192.168.12.169:40906 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 UDP 192.168.12.169:40906 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.28 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (RBkPSgr)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 20 UDP 192.168.12.169:40906 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 21 UDP 192.168.12.169:42197 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.06 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BZOyNeHQUCZIf)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 UDP 192.168.12.169:42197 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.27 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BrHWdEqa2)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 23 UDP 192.168.12.169:42197 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: VoIP/10][2 pkts/124 bytes <-> 2 pkts/252 bytes][Goodput ratio: 32/66][10.30 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (BYyA/MmBER1)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 UDP 192.168.12.1:17500 -> 192.168.12.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][30.01 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 TCP 18.195.162.93:443 <-> 192.168.12.169:38956 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/163 bytes <-> 2 pkts/132 bytes][Goodput ratio: 19/0][5.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 TCP 192.168.12.169:40710 <-> 52.58.18.25:5222 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][2 pkts/144 bytes <-> 2 pkts/144 bytes][Goodput ratio: 8/8][0.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -69,7 +69,7 @@ Acceptable 883 382822 33
28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.590 (Executable?)][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.612 (Executable?)][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 ICMP 192.168.12.169:0 -> 91.108.17.2:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.01 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.737 (Executable?)][PLAIN TEXT (KHOirrFTCqEz)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][FPC: 185/Telegram, Confidence: IP address][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP probing attempt][TCP Fingerprint: 2_64_65535_685ad951a756/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 UDP [fe80::abe:acff:fe0b:176e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 ICMPV6 [fe80::abe:acff:fe0b:176e]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out b/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out
index 6bacd37cc..7b9d85afb 100644
--- a/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out
+++ b/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out
@@ -37,8 +37,8 @@ JA3 Host Stats:
1 TCP 192.168.149.129:43535 <-> 51.83.238.219:80 [proto: 91/TLS][IP: 252/AnyDesk][Encrypted][Confidence: DPI][FPC: 252/AnyDesk, Confidence: IP address][DPI packets: 8][cat: Web/5][19 pkts/6843 bytes <-> 22 pkts/9152 bytes][Goodput ratio: 85/86][10.60 sec][bytes ratio: -0.144 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 624/488 7028/7028 1803/1610][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 360/416 1514/1514 525/549][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / SNI should always be present / Expected on port 443][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 107030a763c7224285717ff1569a17f3][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,13,13,9,9,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,4,0,4,0,0,9,0,0,0,0,18,0,0]
2 TCP 192.168.1.128:48260 <-> 195.181.174.176:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][27 pkts/7693 bytes <-> 27 pkts/4853 bytes][Goodput ratio: 77/63][58.81 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: 0.226 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2284/1898 10210/10228 4074/3857][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/180 1514/1514 460/331][Risk: ** Missing SNI TLS Extn **** Uncommon TLS ALPN **][Risk Score: 100][Risk Info: anydesk/6.2.0/linu / SNI should always be present][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA4: t12d6406an_9197985d2161_a1e935682795][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,35,20,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,15,0,0]
- 3 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][19 pkts/7324 bytes <-> 21 pkts/3951 bytes][Goodput ratio: 86/69][7.29 sec][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 481/137 2966/1753 831/422][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 385/188 3980/1514 894/354][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / SNI should always be present][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA4: t12d550500_168bb377f8c8_a1e935682795][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,45,15,5,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,5]
- 4 TCP 192.168.1.178:52039 <-> 192.168.1.187:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/2035 bytes <-> 7 pkts/2157 bytes][Goodput ratio: 76/82][0.56 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/40 406/85 150/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 254/308 1340/968 419/387][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 210][Risk Info: No ALPN / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 4b505adfb4a921c5a3a39d293b0811e1 (WEAK)][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: 86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E][Firefox][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,20,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0]
+ 3 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][19 pkts/7324 bytes <-> 21 pkts/3951 bytes][Goodput ratio: 86/69][7.29 sec][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 481/137 2966/1753 831/422][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 385/188 3980/1514 894/354][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN / SNI should always be present / Expected on port 443][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA4: t12d550500_168bb377f8c8_a1e935682795][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,45,15,5,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,5]
+ 4 TCP 192.168.1.178:52039 <-> 192.168.1.187:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][8 pkts/2035 bytes <-> 7 pkts/2157 bytes][Goodput ratio: 76/82][0.56 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/40 406/85 150/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 254/308 1340/968 419/387][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 210][Risk Info: No ALPN / SNI should always be present / Expected on port 443 / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA4: t12d640500_9197985d2161_a1e935682795][JA3S: 4b505adfb4a921c5a3a39d293b0811e1 (WEAK)][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: 86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E][Firefox][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,20,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0]
5 TCP 192.168.149.129:36351 <-> 51.83.239.144:80 [proto: 91/TLS][IP: 252/AnyDesk][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][10 pkts/792 bytes <-> 10 pkts/925 bytes][Goodput ratio: 32/38][45.83 sec][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 32/31 5700/5700 15000/15001 7162/7162][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/92 105/213 25/45][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,90,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.1.187:55376 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-9b6827f2.net.anydesk.com][138.199.36.115][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.1.187:59511 <-> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-3185a847.net.anydesk.com][37.61.223.15][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__shadowsocks-tcp.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__shadowsocks-tcp.pcapng.out
index e52d10186..25a398bf0 100644
--- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__shadowsocks-tcp.pcapng.out
+++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__shadowsocks-tcp.pcapng.out
@@ -36,6 +36,6 @@ JA3 Host Stats:
1 TCP [2001:b07:a3d:c112:8628:88aa:8b00:913c]:45334 <-> [2a00:1450:4002:416::200e]:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Media/1][20 pkts/2589 bytes <-> 21 pkts/33559 bytes][Goodput ratio: 32/94][0.12 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.857 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/6 46/49 14/13][Pkt Len c2s/s2c min/avg/max/stddev: 88/88 129/1598 605/6128 124/1604][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 9,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,4,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,56,0,0,0,0,0,0,0,0,0,13]
- 2 TCP 127.0.0.1:40164 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: Web/5][14 pkts/2036 bytes <-> 11 pkts/20887 bytes][Goodput ratio: 53/96][0.17 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/21 52/52 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 145/1899 704/7496 163/2354][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS traffic][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][Plen Bins: 0,0,15,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,7,0,0,0,0,0,0,0,23]
+ 2 TCP 127.0.0.1:40164 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: Web/5][14 pkts/2036 bytes <-> 11 pkts/20887 bytes][Goodput ratio: 53/96][0.17 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/21 52/52 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 145/1899 704/7496 163/2354][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS traffic / Expected on port 443][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][Plen Bins: 0,0,15,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,7,0,0,0,0,0,0,0,23]
3 TCP 127.0.0.1:44424 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][18 pkts/2079 bytes <-> 12 pkts/19251 bytes][Goodput ratio: 41/96][0.15 sec][bytes ratio: -0.805 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 46/50 16/15][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 116/1604 585/9955 117/2915][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (www.youtube.com)][Plen Bins: 37,24,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,11]
4 UDP 127.0.0.1:41182 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/596 bytes][Goodput ratio: 50/85][0.00 sec][Hostname/SNI: www.youtube.com][216.58.204.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__trojan-tcp-tls.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__trojan-tcp-tls.pcapng.out
index 14a519f9e..56b4b66df 100644
--- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__trojan-tcp-tls.pcapng.out
+++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__trojan-tcp-tls.pcapng.out
@@ -38,7 +38,7 @@ JA3 Host Stats:
1 TCP 192.168.1.183:58730 <-> 142.250.180.142:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 124/YouTube, Confidence: DNS][DPI packets: 6][cat: Media/1][17 pkts/1985 bytes <-> 15 pkts/13936 bytes][Goodput ratio: 41/93][0.11 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.751 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/9 31/70 9/20][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 117/929 585/1468 126/632][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0]
- 2 TCP 127.0.0.1:41796 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 23][cat: Web/5][13 pkts/2233 bytes <-> 12 pkts/9384 bytes][Goodput ratio: 60/91][0.14 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 46/30 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 172/782 675/2138 165/744][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS-in-TLS traffic][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,13,13,6,6,0,0,0,6,0,0,0,0,0,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,13]
+ 2 TCP 127.0.0.1:41796 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 23][cat: Web/5][13 pkts/2233 bytes <-> 12 pkts/9384 bytes][Goodput ratio: 60/91][0.14 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 46/30 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 172/782 675/2138 165/744][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Expected on port 443 / Obfuscated TLS-in-TLS traffic][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,13,13,6,6,0,0,0,6,0,0,0,0,0,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,13]
3 TCP 127.0.0.1:60654 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][17 pkts/1999 bytes <-> 10 pkts/7980 bytes][Goodput ratio: 42/91][0.19 sec][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 46/43 16/15][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 118/798 585/4164 119/1276][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (www.youtube.com)][Plen Bins: 37,25,6,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
4 UDP 127.0.0.1:52786 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/468 bytes][Goodput ratio: 50/81][0.03 sec][Hostname/SNI: www.youtube.com][142.250.180.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.1.183:46451 <-> 192.168.1.253:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/88 bytes <-> 1 pkts/413 bytes][Goodput ratio: 49/89][0.03 sec][Hostname/SNI: www.youtube.com][142.250.180.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp-tls.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp-tls.pcapng.out
index d395419a0..ee6339c11 100644
--- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp-tls.pcapng.out
+++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp-tls.pcapng.out
@@ -38,7 +38,7 @@ JA3 Host Stats:
1 TCP 192.168.1.183:58612 <-> 216.58.204.142:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 124/YouTube, Confidence: DNS][DPI packets: 6][cat: Media/1][11 pkts/1577 bytes <-> 15 pkts/19414 bytes][Goodput ratio: 52/95][0.10 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/8 74/66 24/18][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 143/1294 585/6668 151/1565][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 12,6,6,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,44,0,0,0,6]
- 2 TCP 127.0.0.1:57874 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 24][cat: Web/5][16 pkts/2501 bytes <-> 14 pkts/11651 bytes][Goodput ratio: 56/92][0.16 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/12 40/74 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 156/832 731/2138 166/797][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS-in-TLS traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,12,12,5,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,19]
+ 2 TCP 127.0.0.1:57874 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 24][cat: Web/5][16 pkts/2501 bytes <-> 14 pkts/11651 bytes][Goodput ratio: 56/92][0.16 sec][Hostname/SNI: test.lan][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/12 40/74 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 156/832 731/2138 166/797][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Expected on port 443 / Obfuscated TLS-in-TLS traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 7a15285d4efc355608b304698cd7f9ab][JA4: t13d1911h2_9dc949149365_e7c285222651][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,12,12,5,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,19]
3 TCP 127.0.0.1:40136 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][17 pkts/1999 bytes <-> 11 pkts/8047 bytes][Goodput ratio: 42/91][0.14 sec][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/1 40/4 14/2][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 118/732 585/2612 119/967][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (www.youtube.com)][Plen Bins: 37,25,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18]
4 UDP 127.0.0.1:46548 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/484 bytes][Goodput ratio: 50/82][0.00 sec][Hostname/SNI: www.youtube.com][216.58.204.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.1.183:49817 <-> 192.168.1.253:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/88 bytes <-> 1 pkts/253 bytes][Goodput ratio: 49/82][0.00 sec][Hostname/SNI: www.youtube.com][216.58.204.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp.pcapng.out
index 03096c5e1..3b87cca53 100644
--- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp.pcapng.out
+++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-tcp.pcapng.out
@@ -36,6 +36,6 @@ JA3 Host Stats:
1 TCP [2001:b07:a3d:c112:8628:88aa:8b00:913c]:48302 <-> [2a00:1450:4006:80d::200e]:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 8][cat: Media/1][19 pkts/2517 bytes <-> 18 pkts/22438 bytes][Goodput ratio: 33/93][2.20 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/10 1024/77 344/20][Pkt Len c2s/s2c min/avg/max/stddev: 88/88 132/1247 605/2504 117/854][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 10,5,5,0,5,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,5,0,0,0,0,0,0,0,25]
- 2 TCP 127.0.0.1:40818 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 21][cat: Web/5][13 pkts/2126 bytes <-> 16 pkts/20417 bytes][Goodput ratio: 58/95][2.27 sec][bytes ratio: -0.811 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 225/171 2079/2079 619/551][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 164/1276 749/4794 178/1603][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS traffic][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][Plen Bins: 0,0,6,20,13,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,34]
+ 2 TCP 127.0.0.1:40818 <-> 127.0.0.1:1234 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 21][cat: Web/5][13 pkts/2126 bytes <-> 16 pkts/20417 bytes][Goodput ratio: 58/95][2.27 sec][bytes ratio: -0.811 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 225/171 2079/2079 619/551][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 164/1276 749/4794 178/1603][Risk: ** Known Proto on Non Std Port **** Obfuscated Traffic **][Risk Score: 150][Risk Info: Obfuscated TLS traffic / Expected on port 443][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][Plen Bins: 0,0,6,20,13,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,34]
3 TCP 127.0.0.1:37218 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][15 pkts/1875 bytes <-> 15 pkts/19470 bytes][Goodput ratio: 45/95][2.27 sec][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 185/178 2080/2039 572/561][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 125/1298 585/7183 125/2425][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (www.youtube.com)][Plen Bins: 34,26,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]
4 UDP 127.0.0.1:35957 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/724 bytes][Goodput ratio: 50/88][0.00 sec][Hostname/SNI: www.youtube.com][172.217.18.46][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-websocket.pcapng.out b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-websocket.pcapng.out
index bab56d94d..53a99ff05 100644
--- a/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-websocket.pcapng.out
+++ b/tests/cfgs/tls_heuristics_enabled/result/tls_heur__vmess-websocket.pcapng.out
@@ -35,6 +35,6 @@ JA3 Host Stats:
1 TCP 192.168.1.183:51390 <-> 142.250.180.142:443 [proto: 91.124/TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 124/YouTube, Confidence: DNS][DPI packets: 6][cat: Media/1][11 pkts/1577 bytes <-> 17 pkts/22332 bytes][Goodput ratio: 52/95][0.14 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.868 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/9 81/74 26/19][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 143/1314 585/6668 160/1472][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA3C: 4ea056e63b7910cbf543f0c095064dfe][JA4: t13d3113h2_e8f1e7e78f70_ce5650b735ce][JA3S: 907bf3ecef1c987c889946b737b43de8][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,55,0,0,0,5]
- 2 TCP 127.0.0.1:33702 <-> 127.0.0.1:1234 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][cat: Web/5][19 pkts/2630 bytes <-> 16 pkts/20282 bytes][Goodput ratio: 51/95][0.17 sec][Hostname/SNI: 127.0.0.1][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 52/76 16/21][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 138/1268 767/2120 172/862][URL: 127.0.0.1:1234/][StatusCode: 101][User-Agent: Go-http-client/1.1][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Found host 127.0.0.1 / Obfuscated TLS-in-HTTP-WebSocket traffic][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,11,0,5,5,0,0,0,0,0,5,0,0,5,0,0,0,0,0,5,11,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
+ 2 TCP 127.0.0.1:33702 <-> 127.0.0.1:1234 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI (aggressive)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][cat: Web/5][19 pkts/2630 bytes <-> 16 pkts/20282 bytes][Goodput ratio: 51/95][0.17 sec][Hostname/SNI: 127.0.0.1][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 52/76 16/21][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 138/1268 767/2120 172/862][URL: 127.0.0.1:1234/][StatusCode: 101][User-Agent: Go-http-client/1.1][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Obfuscated Traffic **][Risk Score: 160][Risk Info: Found host 127.0.0.1 / Expected on port 80 / Obfuscated TLS-in-HTTP-WebSocket traffic][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,11,0,5,5,0,0,0,0,0,5,0,0,5,0,0,0,0,0,5,11,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
3 TCP 127.0.0.1:44532 <-> 127.0.0.1:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][20 pkts/2203 bytes <-> 13 pkts/19272 bytes][Goodput ratio: 38/95][0.17 sec][bytes ratio: -0.795 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 44/82 16/26][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 110/1482 585/4000 112/1624][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (www.youtube.com)][Plen Bins: 31,21,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26]
4 UDP 127.0.0.1:39646 <-> 127.0.0.53:53 [proto: 5.124/DNS.YouTube][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.124/DNS.YouTube, Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/176 bytes <-> 2 pkts/596 bytes][Goodput ratio: 50/85][0.00 sec][Hostname/SNI: www.youtube.com][142.250.180.142][PLAIN TEXT (youtube)][Plen Bins: 0,50,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out b/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out
index 5a3e572ab..bed112ff9 100644
--- a/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out
+++ b/tests/cfgs/zoom_extra_dissection/result/zoom.pcap.out
@@ -59,14 +59,14 @@ JA3 Host Stats:
9 TCP 192.168.1.117:54870 <-> 213.244.140.84:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 11][cat: Video/26][16 pkts/1832 bytes <-> 12 pkts/6702 bytes][Goodput ratio: 44/88][0.38 sec][Hostname/SNI: zoomfr84zc.zoom.us][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/40 187/280 49/91][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 114/558 583/1506 129/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][JA4: t12d930700_72a4e8475a2e_4446390ac224][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,8,8,8,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,25,0,0]
10 TCP 192.168.1.117:54864 <-> 52.202.62.238:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DNS][DPI packets: 10][cat: Video/26][10 pkts/2030 bytes <-> 8 pkts/6283 bytes][Goodput ratio: 72/93][0.47 sec][Hostname/SNI: log.zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 58/40 110/131 50/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 203/785 812/1506 256/675][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][JA4: t12d8008ht_9cedc1f1428b_046e095b7c4a][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,33,0,0]
11 TCP 192.168.1.117:53872 <-> 35.186.224.53:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 5][cat: Web/5][8 pkts/2017 bytes <-> 8 pkts/4822 bytes][Goodput ratio: 74/89][0.07 sec][bytes ratio: -0.410 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 58/45 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/603 1434/1484 447/585][Plen Bins: 0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0,0]
- 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a795593605a13211941d44505b4d1e39][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
+ 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN / Expected on port 443][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA3C: a795593605a13211941d44505b4d1e39][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
13 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91.239/TLS.GoogleServices, Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.46 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][Goodput ratio: 63/45][0.09 sec][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31/64 32/64 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 178/121 329/121 115/0][Plen Bins: 0,50,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 UDP 192.168.1.117:61731 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DPI][DPI packets: 8][cat: Video/26][4 pkts/372 bytes <-> 4 pkts/290 bytes][Goodput ratio: 55/39][0.11 sec][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/35 28/27 49/47 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 93/72 151/93 40/14][PLAIN TEXT (replace)][Plen Bins: 50,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 UDP 192.168.1.117:60620 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 189/Zoom, Confidence: DPI][DPI packets: 7][cat: Video/26][4 pkts/408 bytes <-> 3 pkts/222 bytes][Goodput ratio: 59/41][1.24 sec][bytes ratio: 0.295 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/31 413/16 1209/31 563/16][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 102/74 149/85 33/10][PLAIN TEXT (replace)][Plen Bins: 28,57,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 UDP 192.168.1.117:23903 <-> 162.255.37.14:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 78.189/STUN.Zoom, Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.19 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/9 10/9 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 UDP 192.168.1.117:23903 <-> 162.255.38.14:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 78.189/STUN.Zoom, Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.18 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/10 10/10 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 UDP 192.168.1.117:23903 <-> 162.255.38.14:3479 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 78.189/STUN.Zoom, Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.18 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/10 10/10 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 UDP 192.168.1.117:23903 <-> 162.255.38.14:3479 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 78.189/STUN.Zoom, Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.18 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/10 10/10 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 UDP 192.168.1.117:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/330 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Hostname/SNI: workgroup][PLAIN TEXT ( FHEPFCELEHFCEPFFFACACACACACACA)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/321 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: tl-sg116e][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 TCP 192.168.1.117:54341 -> 62.149.152.153:993 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 51/IMAPS, Confidence: DPI][DPI packets: 2][cat: Email/3][2 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][3.59 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -78,7 +78,7 @@ JA3 Host Stats:
28 UDP 192.168.1.117:62988 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.189/DNS.Zoom, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.04 sec][Hostname/SNI: www3.zoom.us][52.202.62.236][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 UDP 192.168.1.117:64352 <-> 192.168.1.1:53 [proto: 5.189/DNS.Zoom][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.189/DNS.Zoom, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.04 sec][Hostname/SNI: log.zoom.us][52.202.62.238][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 ICMP 192.168.1.117:0 -> 162.255.38.14:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 31 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 31 TCP 192.168.1.117:54798 <-> 13.225.84.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 2][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.04 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: Connection refused / TCP probing attempt][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 UDP 192.168.1.117:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 UDP 192.168.1.117:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 156/Spotify, Confidence: DPI][DPI packets: 1][cat: Music/25][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 ICMP 192.168.1.117:0 -> 192.168.1.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index 29e819f72..b652825fb 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -1777,7 +1777,7 @@ function stun_dissector(tvb, pinfo, tree)
protocol = ndpi_proto_whatsapp
end
end
- if stun_request_table[getstring(stun_request)] ~= 0 and protocol ~= stun_request_table[getstring(stun_request)] then
+ if stun_request_table[getstring(stun_request)] ~= nil and protocol ~= stun_request_table[getstring(stun_request)] then
protocol = stun_request_table[getstring(stun_request)]
end