Merge commit '5cae544a40' into flow_info-4

Vitaly Lavrov 2025-12-09 12:48:51 +03:00
commit 92cdb12462
21 changed files with 365 additions and 39 deletions


@ -208,7 +208,7 @@ List of the supported configuration options:
| | | | | | SurfSharkVPN, Teamviewer, Telegram, Tencent, Threema, TOR, Twitch, Twitter, VK, Yandex, Yandex Cloud, Webex, Whatsapp, Zoom |
+--------------+---------------------------------------------------------------+-----------------+------------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| $PROTO_NAME | "monitoring" | disable | NULL | NULL | Enable/disable monitoring state for this specific protocol. Use "any" as protocol name if you want to easily enable/disable monitoring feature for all protocols. |
| | | | | | This knob is valid only for the following protocols: Stun. Monitoring allows nDPI to process the entire flow (i.e. all its packets), without any limits. |
| | | | | | This knob is valid only for the following protocols: S7Comm, Stun. Monitoring allows nDPI to process the entire flow (i.e. all its packets), without any limits. |
| | | | | | See doc/monitoring.md for further details |
+--------------+---------------------------------------------------------------+-----------------+------------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| $PROTO_NAME | "enable" | enable | NULL | NULL | Enable/disable the specific protocol. Use "any" or "all" as protocol name if you want to easily enable/disable all protocols. |


@ -20,7 +20,7 @@ In other words:
- "(current) packet metadata" is saved in ``ndpi_flow->monitor``, only if monitor is enabled.
Monitoring must be explicitly enabled with something like: ``--cfg=stun,monitoring,1``.
To enable/disable monitoring for all protocols you can use ``--cfg=any,monitoring,1`` but only STUN is supported right now.
To enable/disable monitoring for all protocols you can use ``--cfg=any,monitoring,1`` but only STUN and S7COMM are supported right now.
Since monitoring processes *all* the flow packets, it might have an impact on performances.


@ -2487,7 +2487,8 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
print_ndpi_address_port_list_file(out, "Other IP/Port", &flow->stun.other_address);
/* These counters make sense only if the flow entered the monitor state */
if(flow->num_packets_before_monitoring > 0)
if(flow->num_packets_before_monitoring > 0 &&
(flow->stun.rtp_counters[0] > 0 || flow->stun.rtp_counters[1] > 0))
fprintf(out, "[RTP packets: %d/%d]", flow->stun.rtp_counters[0], flow->stun.rtp_counters[1]);
if(flow->http.url[0] != '\0')
@ -3448,7 +3449,8 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle,
}
char buf[16];
if(ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "stun", "monitoring", buf, sizeof(buf)) != NULL) {
if(ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "stun", "monitoring", buf, sizeof(buf)) != NULL ||
ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "s7comm", "monitoring", buf, sizeof(buf)) != NULL) {
if(atoi(buf))
monitoring_enabled = 1;
}
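Review bot: In the second hunk (`setupDetection`), the two `ndpi_get_config()` calls are joined with `||` and share `buf`, so whenever the `"stun"` lookup returns non-NULL the `"s7comm"` lookup is short-circuited and `atoi(buf)` only ever sees the STUN value. With only `--cfg=s7comm,monitoring,1` set, `monitoring_enabled` would presumably stay 0 and the monitoring-only output would be suppressed; this assumes the getter succeeds for any valid knob, which cannot be confirmed because its implementation is not on this page. Test each protocol on its own, e.g. `if(ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "stun", "monitoring", buf, sizeof(buf)) != NULL && atoi(buf)) monitoring_enabled = 1;` followed by the same statement for `"s7comm"`. `setupDetection` starts and ends outside the hunk.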


@ -143,7 +143,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
assert(ndpi_set_config(workflow->ndpi_struct, "tls", "metadata.ja4r_fingerprint", "1") == NDPI_CFG_OK);
assert(ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics", "0x07") == NDPI_CFG_OK);
assert(ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics.max_packets_extra_dissection", "40") == NDPI_CFG_OK);
assert(ndpi_set_config(workflow->ndpi_struct, "stun", "monitoring", "1") == NDPI_CFG_OK);
assert(ndpi_set_config(workflow->ndpi_struct, "all", "monitoring", "1") == NDPI_CFG_OK);
assert(ndpi_set_config(workflow->ndpi_struct, NULL, "dpi.address_cache_size", "8192") == NDPI_CFG_OK);
assert(ndpi_set_config(workflow->ndpi_struct, NULL, "hostname_dns_check", "1") == NDPI_CFG_OK);


@ -1824,6 +1824,22 @@ struct ndpi_flow_struct {
u_int16_t user_id;
} bfcp;
struct {
u_int16_t num_requests; /* Total number of requests (Job messages) */
u_int16_t num_responses; /* Total number of responses (Ack_Data messages) */
u_int8_t num_acks; /* Number of acknowledgments without data */
u_int8_t num_userdata; /* Number of UserData messages */
/* Function code counters (top 8 most common S7Comm functions) */
u_int8_t num_read_var; /* Read Var (0x04) */
u_int8_t num_write_var; /* Write Var (0x05) */
u_int8_t num_setup_comm; /* Setup Communication (0xF0) */
u_int8_t num_download; /* Download (0x1A) */
u_int8_t num_upload; /* Upload (0x1B) */
u_int8_t num_plc_control; /* PLC Control (0x28) */
u_int8_t num_plc_stop; /* PLC Stop (0x29) */
u_int8_t num_other_funcs; /* Other function codes */
} s7comm;
} protos;
/* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! */
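Review bot: The per-function counters added to `s7comm` (and `num_acks`, `num_userdata`) are `u_int8_t` and the dissector bumps them with a plain `++`, so they wrap silently after 255 events. In monitoring state the whole flow is processed without a packet limit, so a long-lived session can end up reporting `num_plc_stop`, `num_download` or `num_write_var` as 0 or a small value, which hides exactly the operations an ICS analyst wants to see. Either widen the fields or saturate at the increment site, e.g. `if(flow->protos.s7comm.num_plc_stop < 255) flow->protos.s7comm.num_plc_stop++;`, and document the chosen behaviour next to the fields. The comment "top 8 most common S7Comm functions" also covers only seven function codes plus `num_other_funcs`. The enclosing struct starts and ends outside the hunk.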


@ -33,32 +33,196 @@
#define S7COMM_MAGIC_BYTE 0x32
#define S7COMM_PLUS_MAGIC_BYTE 0x72
/* S7Comm Message Types */
#define S7COMM_MSG_JOB 0x01 /* Request */
#define S7COMM_MSG_ACK 0x02 /* Acknowledgment without data */
#define S7COMM_MSG_ACK_DATA 0x03 /* Response with data */
#define S7COMM_MSG_USERDATA 0x07 /* UserData (programming/debugging) */
/* S7Comm Function Codes (in Job messages) */
#define S7COMM_FUNC_READ_VAR 0x04 /* Read Var */
#define S7COMM_FUNC_WRITE_VAR 0x05 /* Write Var */
#define S7COMM_FUNC_DOWNLOAD 0x1A /* Download block */
#define S7COMM_FUNC_UPLOAD 0x1B /* Upload block */
#define S7COMM_FUNC_PLC_CONTROL 0x28 /* PLC Control */
#define S7COMM_FUNC_PLC_STOP 0x29 /* PLC Stop */
#define S7COMM_FUNC_SETUP_COMM 0xF0 /* Setup Communication */
/* S7Comm header offsets (after TPKT + COTP) */
#define S7COMM_HEADER_PROTOCOL_ID 0 /* Protocol ID (0x32) */
#define S7COMM_HEADER_MSG_TYPE 1 /* Message type */
#define S7COMM_HEADER_RESERVED 2 /* Reserved (2 bytes) */
#define S7COMM_HEADER_PDU_REF 4 /* PDU reference (2 bytes) */
#define S7COMM_HEADER_PARAM_LEN 6 /* Parameter length (2 bytes) */
#define S7COMM_HEADER_DATA_LEN 8 /* Data length (2 bytes) */
#define S7COMM_HEADER_ERR_CLASS 10 /* Error class (1 bytes); only in Ack or Ack-Data messages */
#define S7COMM_HEADER_ERR_CODE 11 /* Error code (1 bytes); only in Ack or Ack-Data messages */
#define S7COMM_HEADER_MIN_LEN 10 /* Minimum header length */
#define S7COMM_HEADER_MIN_LEN_ACKS 12 /* Minimum header length (for Ack or Ack-Data messages) */
/* For Ack_Data messages, there's an error code before parameters */
#define S7COMM_ACK_DATA_ERROR_CODE 10 /* Error code (2 bytes, only in Ack_Data) */
#define S7COMM_ACK_DATA_PARAM_START 12 /* Parameter start for Ack_Data */
#define S7COMM_JOB_PARAM_START 10 /* Parameter start for Job */
#define S7COMM_USERDATA_PARAM_START 10 /* Parameter start for Userdata */
/* Helper function to parse S7Comm message and update statistics */
static void ndpi_parse_s7comm_message(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const u_int8_t *s7comm_header,
u_int16_t s7comm_len)
{
u_int8_t msg_type;
u_int16_t param_len;
u_int8_t function_code;
/* Need at least the minimum S7Comm header */
if (s7comm_len < S7COMM_HEADER_MIN_LEN)
return;
if(flow->monit == NULL)
flow->monit = ndpi_calloc(1, sizeof(struct ndpi_metadata_monitoring));
msg_type = s7comm_header[S7COMM_HEADER_MSG_TYPE];
param_len = ntohs(get_u_int16_t(s7comm_header, S7COMM_HEADER_PARAM_LEN));
/* Ack and Ack_data header is longer */
if((msg_type == S7COMM_MSG_ACK || msg_type == S7COMM_MSG_ACK_DATA) &&
s7comm_len < S7COMM_HEADER_MIN_LEN_ACKS)
return;
NDPI_LOG_DBG2(ndpi_struct, "S7Comm msg_type=0x%02x, param_len=%u\n", msg_type, param_len);
/* Update message type counters */
switch(msg_type) {
case S7COMM_MSG_JOB:
flow->protos.s7comm.num_requests++;
/* Parse function code from parameter section for Job messages */
if (param_len > 0 && s7comm_len > S7COMM_JOB_PARAM_START) {
function_code = s7comm_header[S7COMM_JOB_PARAM_START];
NDPI_LOG_DBG2(ndpi_struct, "S7Comm Job function_code=0x%02x\n", function_code);
/* Update function-specific counters */
switch(function_code) {
case S7COMM_FUNC_READ_VAR:
flow->protos.s7comm.num_read_var++;
break;
case S7COMM_FUNC_WRITE_VAR:
flow->protos.s7comm.num_write_var++;
break;
case S7COMM_FUNC_SETUP_COMM:
flow->protos.s7comm.num_setup_comm++;
break;
case S7COMM_FUNC_DOWNLOAD:
flow->protos.s7comm.num_download++;
break;
case S7COMM_FUNC_UPLOAD:
flow->protos.s7comm.num_upload++;
break;
case S7COMM_FUNC_PLC_CONTROL:
flow->protos.s7comm.num_plc_control++;
break;
case S7COMM_FUNC_PLC_STOP:
flow->protos.s7comm.num_plc_stop++;
break;
default:
flow->protos.s7comm.num_other_funcs++;
break;
}
}
break;
case S7COMM_MSG_ACK:
flow->protos.s7comm.num_acks++;
break;
case S7COMM_MSG_ACK_DATA:
flow->protos.s7comm.num_responses++;
/* Could also parse the function code from Ack_Data if needed */
if (param_len > 0 && s7comm_len > S7COMM_ACK_DATA_PARAM_START) {
function_code = s7comm_header[S7COMM_ACK_DATA_PARAM_START];
NDPI_LOG_DBG2(ndpi_struct, "S7Comm Ack_Data function_code=0x%02x\n", function_code);
}
break;
case S7COMM_MSG_USERDATA:
flow->protos.s7comm.num_userdata++;
break;
default:
NDPI_LOG_DBG2(ndpi_struct, "S7Comm unknown msg_type=0x%02x\n", msg_type);
break;
}
}
/* Callback function for continuous packet processing after detection */
static int ndpi_search_s7comm_again(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
u_int8_t s7comm_offset = 7; /* TPKT(4) + COTP(3) = offset 7 for S7Comm header */
NDPI_LOG_DBG2(ndpi_struct, "S7Comm extra dissection\n");
/* Skip retransmissions and empty packets */
if (packet->tcp_retransmission || packet->payload_packet_len == 0)
return 1; /* Continue extra dissection */
/* Parse S7Comm messages for statistics throughout the session */
if (tpkt_verify_hdr(packet) && (packet->payload_packet_len > s7comm_offset + S7COMM_HEADER_MIN_LEN)) {
if (packet->payload[s7comm_offset] == S7COMM_MAGIC_BYTE) {
ndpi_parse_s7comm_message(ndpi_struct, flow,
&packet->payload[s7comm_offset],
packet->payload_packet_len - s7comm_offset);
}
}
return 1; /* Continue extra dissection */
}
static void ndpi_search_s7comm(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct const * const packet = ndpi_get_packet_struct(ndpi_struct);
u_int8_t s7comm_offset = 7; /* TPKT(4) + COTP(3) = offset 7 for S7Comm header */
NDPI_LOG_DBG(ndpi_struct, "search S7comm\n");
/* Initial detection */
if (tpkt_verify_hdr(packet) && (packet->payload_packet_len > 17) &&
((packet->tcp->source == htons(TPKT_PORT)) ||
(packet->tcp->dest == htons(TPKT_PORT))))
{
if (packet->payload[7] == S7COMM_PLUS_MAGIC_BYTE) {
if (packet->payload[s7comm_offset] == S7COMM_PLUS_MAGIC_BYTE) {
const u_int16_t trail_byte_offset = packet->payload_packet_len - 4;
if (packet->payload[trail_byte_offset] == S7COMM_PLUS_MAGIC_BYTE) {
NDPI_LOG_INFO(ndpi_struct, "found S7CommPlus\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM_PLUS,
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM_PLUS,
NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
/* TODO: monitoring? */
return;
}
} else if (packet->payload[7] == S7COMM_MAGIC_BYTE) {
if (((packet->payload[8] <= 0x03) || (packet->payload[8] == 0x07)) &&
(get_u_int16_t(packet->payload, 9) == 0))
}
} else if (packet->payload[s7comm_offset] == S7COMM_MAGIC_BYTE) {
if (((packet->payload[s7comm_offset + 1] <= 0x03) || (packet->payload[s7comm_offset + 1] == 0x07)) &&
(get_u_int16_t(packet->payload, s7comm_offset + 2) == 0))
{
NDPI_LOG_INFO(ndpi_struct, "found S7Comm\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM,
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM,
NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
if(is_monitoring_enabled(ndpi_struct, NDPI_PROTOCOL_S7COMM)) {
/* Parse this first message for statistics.
* It makes sense only in monitoring */
ndpi_parse_s7comm_message(ndpi_struct, flow,
&packet->payload[s7comm_offset],
packet->payload_packet_len - s7comm_offset);
NDPI_LOG_DBG(ndpi_struct, "Enabled monitoring\n");
flow->state = NDPI_STATE_MONITORING;
/* No extra dissection, we move directly to monitor state */
flow->extra_packets_func = ndpi_search_s7comm_again;
}
return;
}
}
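Review bot: In `ndpi_parse_s7comm_message()` the result of `ndpi_calloc()` assigned to `flow->monit` is never checked, and nothing else in this function reads or writes `flow->monit`; every counter goes to `flow->protos.s7comm`. If the monitoring code outside this hunk dereferences `flow->monit` (not visible here), an allocation failure under traffic load leaves it NULL, so add `if(flow->monit == NULL) return;` right after the allocation, or drop the allocation if S7Comm keeps no per-packet metadata. It would also help to document on the helper that only one S7Comm PDU at the fixed offset 7 (TPKT 4 + COTP 3) is examined per TCP segment, e.g. `/* Counts at most one PDU per segment; assumes a 3-byte COTP DT header */`, since the counters under-report for any traffic that does not fit that layout. `ndpi_search_s7comm` continues past the end of the hunk.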

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -0,0 +1,37 @@
DPI Packets (TCP): 2 (1.00 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 2 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/0/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 4/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 0/0 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 0/0 (search/found)
EthernetIP 268 46394 2
Acceptable 268 46394 2
Network 268 46394 2
1 TCP 192.168.10.105:3033 <-> 192.168.10.120:44818 [proto: 278/EthernetIP][Stack: EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 278/EthernetIP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][134 pkts/21062 bytes <-> 133 pkts/25222 bytes][Goodput ratio: 66/72][20.01 sec][bytes ratio: -0.090 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/4 154/151 508/505 221/220][Pkt Len c2s/s2c min/avg/max/stddev: 110/110 157/190 264/347 71/104][PLAIN TEXT (00 Eastern Time )][Plen Bins: 0,61,0,9,0,0,15,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 10.100.90.51:37844 -> 10.100.40.11:44818 [VLAN: 90][proto: 278/EthernetIP][Stack: EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 278/EthernetIP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 47/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (pycomm)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -0,0 +1,36 @@
DPI Packets (UDP): 1 (1.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 1 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/0/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 0/0 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 0/0 (search/found)
CIP 398 28690 1
Acceptable 398 28690 1
IoT-Scada 398 28690 1
1 UDP 192.168.1.24:2222 <-> 192.168.1.22:2222 [proto: 393/CIP][Stack: CIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 393/CIP, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][Breed: Acceptable][368 pkts/26830 bytes <-> 30 pkts/1860 bytes][Goodput ratio: 42/32][0.00 sec][bytes ratio: 0.870 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/62 73/62 148/62 23/0][Plen Bins: 92,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -1,13 +1,13 @@
DPI Packets (TCP): 3 (3.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 189 (189.00 diss/flow)
DPI Packets (TCP): 18 (4.50 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 655 (163.75 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/1/0 (insert/search/found)
LRU cache fpc_dns: 0/3/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
@ -15,22 +15,25 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols: 8/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 0/0 (search/found)
Hash TCP fingerprints: 2/0 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 0/0 (search/found)
S7Comm 55 5260 1
S7Comm 193 19127 4
Acceptable 55 5260 1
Acceptable 193 19127 4
IoT-Scada 55 5260 1
IoT-Scada 193 19127 4
1 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 134.217.61.131:51212 <-> 134.217.61.211:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 249/S7Comm, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][Breed: Acceptable][32 pkts/2944 bytes <-> 32 pkts/4268 bytes][Goodput ratio: 41/59][0.55 sec][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 12/16 108/108 20/27][Pkt Len c2s/s2c min/avg/max/stddev: 79/73 92/133 249/301 30/81][PLAIN TEXT (ES7 315)][Plen Bins: 40,43,3,1,3,1,1,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 172.17.0.2:33028 <-> 172.17.0.2:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: IoT-Scada/31][Breed: Acceptable][21 pkts/1825 bytes <-> 15 pkts/1993 bytes][Goodput ratio: 24/50][0.23 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 9/11 56/101 18/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/133 145/447 20/96][TCP Fingerprint: 2_64_33280_db1b9381215d/Unknown][PLAIN TEXT (ES7 315)][Plen Bins: 33,45,8,0,8,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.1.180:1117 <-> 192.168.1.11:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: IoT-Scada/31][Breed: Acceptable][20 pkts/1605 bytes <-> 18 pkts/1232 bytes][Goodput ratio: 22/20][7.11 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 381/372 1004/871 476/355][Pkt Len c2s/s2c min/avg/max/stddev: 68/54 80/68 93/83 11/14][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -0,0 +1,36 @@
DPI Packets (TCP): 3 (3.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 189 (189.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/1/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 0/0 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 0/0 (search/found)
S7Comm 55 5260 1
Acceptable 55 5260 1
IoT-Scada 55 5260 1
1 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -1 +1 @@
--cfg=packets_limit_per_flow,64 --cfg=stun,monitoring,1 --cfg=stun,max_packets_extra_dissection,32 -U 0 -T 0
--cfg=packets_limit_per_flow,64 --cfg=all,monitoring,1 --cfg=stun,max_packets_extra_dissection,32 -U 0 -T 0


@ -0,0 +1 @@
../../default/pcap/s7comm.pcap


@ -0,0 +1,39 @@
DPI Packets (TCP): 193 (48.25 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 655 (163.75 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/3/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 8/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 2/0 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 0/0 (search/found)
S7Comm 193 19127 4
Acceptable 193 19127 4
IoT-Scada 193 19127 4
1 TCP 134.217.61.131:51212 <-> 134.217.61.211:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 249/S7Comm, Confidence: DPI][DPI packets: 64][DPI packets before monitoring: 1][cat: IoT-Scada/31][Breed: Acceptable][32 pkts/2944 bytes <-> 32 pkts/4268 bytes][Goodput ratio: 41/59][0.55 sec][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 12/16 108/108 20/27][Pkt Len c2s/s2c min/avg/max/stddev: 79/73 92/133 249/301 30/81][PLAIN TEXT (ES7 315)][Plen Bins: 40,43,3,1,3,1,1,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 55][DPI packets before monitoring: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 172.17.0.2:33028 <-> 172.17.0.2:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 36][DPI packets before monitoring: 8][cat: IoT-Scada/31][Breed: Acceptable][21 pkts/1825 bytes <-> 15 pkts/1993 bytes][Goodput ratio: 24/50][0.23 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 9/11 56/101 18/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/133 145/447 20/96][TCP Fingerprint: 2_64_33280_db1b9381215d/Unknown][PLAIN TEXT (ES7 315)][Plen Bins: 33,45,8,0,8,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.1.180:1117 <-> 192.168.1.11:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 38][DPI packets before monitoring: 6][cat: IoT-Scada/31][Breed: Acceptable][20 pkts/1605 bytes <-> 18 pkts/1232 bytes][Goodput ratio: 22/20][7.11 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 381/372 1004/871 476/355][Pkt Len c2s/s2c min/avg/max/stddev: 68/54 80/68 93/83 11/14][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -35,6 +35,6 @@ Acceptable 268 50558 4
VoIP 268 50558 4
1 UDP 192.168.12.67:45419 <-> 35.219.226.11:54116 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 178][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][91 pkts/20258 bytes <-> 87 pkts/18776 bytes][Goodput ratio: 81/81][16.10 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 185/163 2145/2221 406/335][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 223/216 337/337 105/106][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:54116][RTP packets: 56/58][PLAIN TEXT (zaziGwgI)][Plen Bins: 6,15,11,11,0,0,0,0,46,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.67:45419 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 58][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][29 pkts/3570 bytes <-> 29 pkts/4210 bytes][Goodput ratio: 66/71][19.07 sec][Hostname/SNI: signal.org][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 594/604 2518/2516 688/680][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 123/145 182/182 41/34][Mapped IP/Port: 93.35.168.30:45250, 35.219.226.11:54116, 35.219.252.146:22269, 35.219.226.11:12261][Peer IP/Port: 35.219.226.11:12261, 35.219.226.11:54116, 35.219.226.11:10127][Relayed IP/Port: 35.219.252.146:22269][RTP packets: 0/0][PLAIN TEXT (BDIbPI2)][Plen Bins: 17,8,15,32,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.67:45419 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 58][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][29 pkts/3570 bytes <-> 29 pkts/4210 bytes][Goodput ratio: 66/71][19.07 sec][Hostname/SNI: signal.org][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 594/604 2518/2516 688/680][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 123/145 182/182 41/34][Mapped IP/Port: 93.35.168.30:45250, 35.219.226.11:54116, 35.219.252.146:22269, 35.219.226.11:12261][Peer IP/Port: 35.219.226.11:12261, 35.219.226.11:54116, 35.219.226.11:10127][Relayed IP/Port: 35.219.252.146:22269][PLAIN TEXT (BDIbPI2)][Plen Bins: 17,8,15,32,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.12.67:45419 <-> 35.219.226.11:12261 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 22][cat: VoIP/10][Breed: Acceptable][11 pkts/1238 bytes <-> 11 pkts/1454 bytes][Goodput ratio: 63/68][14.81 sec][bytes ratio: -0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 97/26 1215/1207 2521/2521 1083/1093][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 113/132 146/138 14/12][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:12261][PLAIN TEXT (BV39hIkc1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.67:45419 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][Breed: Acceptable][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.03 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/8 2504/2504 9975/9975 4313/4313][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45250][Relayed IP/Port: 35.216.234.234:45312][PLAIN TEXT (sWCyiFie)][Plen Bins: 30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -47,9 +47,9 @@ JA Host Stats:
2 192.168.43.169 1
1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][Stack: STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 75][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162, 185.170.139.1:12176, 31.13.86.54:53789, 185.170.139.1:42272, 31.13.86.54:57556][Peer IP/Port: 192.168.0.102:44459, 10.36.43.120:42272, 185.170.139.1:44459, 185.170.139.1:12176, 185.170.139.1:42272, 31.13.86.54:57556][Relayed IP/Port: 31.13.86.54:53789][RTP packets: 0/0][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][Stack: STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 75][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162, 185.170.139.1:12176, 31.13.86.54:53789, 185.170.139.1:42272, 31.13.86.54:57556][Peer IP/Port: 192.168.0.102:44459, 10.36.43.120:42272, 185.170.139.1:44459, 185.170.139.1:12176, 185.170.139.1:42272, 31.13.86.54:57556][Relayed IP/Port: 31.13.86.54:53789][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 30.404/DTLS.GoogleCall][Stack: STUN.DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][cat: VoIP/10][Breed: Acceptable][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][Mapped IP/Port: 93.47.225.70:12165][nDPI Fingerprint: c1d577a85c8ed52900cbc42aa007e9b3][DTLSv1.2][JA4: dd2i110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8][Validity: 2022-03-17 02:11:17 - 2023-03-18 02:11:17][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][Stack: STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 42][DPI packets before monitoring: 33][cat: Network/14][Breed: Acceptable][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Mapped IP/Port: [2001:1670:c:eb04:70af:f67f:8e49:f603]:56880][RTP packets: 0/0][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][Stack: STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 42][DPI packets before monitoring: 33][cat: Network/14][Breed: Acceptable][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Mapped IP/Port: [2001:1670:c:eb04:70af:f67f:8e49:f603]:56880][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][Stack: STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 20][cat: Network/14][Breed: Acceptable][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][Mapped IP/Port: 5.37.217.126:37257][Peer IP/Port: 192.168.8.153:60001, 127.0.0.1:38763, 66.55.92.16:64920, 66.55.92.16:58225, 5.162.130.14:16947][Relayed IP/Port: 66.55.92.16:40576][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.77.110.51:41588 <-> 10.206.50.239:42000 [VLAN: 1611][proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: VoIP/10][Breed: Acceptable][7 pkts/1006 bytes <-> 8 pkts/1118 bytes][Goodput ratio: 58/57][1.05 sec][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 189/134 369/399 144/153][Pkt Len c2s/s2c min/avg/max/stddev: 70/64 144/140 164/172 31/43][Mapped IP/Port: 10.77.110.51:41588, 10.206.50.239:42000][TCP Fingerprint: 2_128_8192_5e2eda046ca7/Unknown][Plen Bins: 0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.12.169:43016 <-> 74.125.247.128:3478 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][4 pkts/528 bytes <-> 4 pkts/408 bytes][Goodput ratio: 68/59][1.25 sec][Hostname/SNI: turn.l.google.com][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/23 342/409 974/1177 447/543][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 132/102 198/122 61/19][Mapped IP/Port: 93.47.225.225:23616][Relayed IP/Port: 10.2.0.86:44908][PLAIN TEXT (BSnLfRxS6)][Plen Bins: 12,37,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -43,7 +43,7 @@ JA Host Stats:
1 UDP [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572 <-> [2001:4860:4864:6::81]:19305 [proto: 30.404/DTLS.GoogleCall][Stack: STUN.DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 148][DPI packets before monitoring: 43][cat: VoIP/10][Breed: Acceptable][30 pkts/4693 bytes <-> 118 pkts/36197 bytes][Goodput ratio: 60/80][0.71 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/2 152/74 32/9][Pkt Len c2s/s2c min/avg/max/stddev: 106/99 156/307 608/1265 88/113][Mapped IP/Port: [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572][RTP packets: 11/104][nDPI Fingerprint: c1d577a85c8ed52900cbc42aa007e9b3][DTLSv1.2][JA4: dd2i110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31][Validity: 2023-10-11 02:02:47 - 2024-10-11 02:02:47][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (igoKAAiKAiADEA)][Plen Bins: 0,6,16,5,2,0,0,0,68,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 30.404/DTLS.GoogleCall][Stack: STUN.DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 74][DPI packets before monitoring: 43][cat: VoIP/10][Breed: Acceptable][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Mapped IP/Port: 93.35.171.209:39032][RTP packets: 11/31][nDPI Fingerprint: c1d577a85c8ed52900cbc42aa007e9b3][DTLSv1.2][JA4: dd2i110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61][Validity: 2023-06-19 17:32:20 - 2024-06-19 17:32:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 30.404/DTLS.GoogleCall][Stack: STUN.DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 79][DPI packets before monitoring: 43][cat: VoIP/10][Breed: Acceptable][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][Mapped IP/Port: 93.35.171.209:39032][RTP packets: 34/0][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][Mapped IP/Port: 93.35.171.209:39033][RTP packets: 0/0][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][Breed: Acceptable][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39032][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][Breed: Acceptable][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 4][cat: VoIP/10][Breed: Acceptable][2 pkts/324 bytes <-> 2 pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -38,5 +38,5 @@ JA Host Stats:
1 192.168.43.169 1
1 UDP 192.168.43.169:53065 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 40][DPI packets before monitoring: 22][cat: Video/26][Breed: Acceptable][19 pkts/3524 bytes <-> 21 pkts/6353 bytes][Goodput ratio: 77/86][1.19 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.286 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/45 153/178 50/56][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 185/303 231/1094 42/390][Mapped IP/Port: 93.33.105.111:8466][RTP packets: 0/0][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (webrtc)][Plen Bins: 5,15,27,2,27,10,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 30][DPI packets before monitoring: 14][cat: Video/26][Breed: Acceptable][13 pkts/2491 bytes <-> 17 pkts/5890 bytes][Goodput ratio: 78/88][0.76 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/43 200/286 59/80][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 192/346 231/1094 40/422][Mapped IP/Port: 93.33.105.111:8466][RTP packets: 0/0][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (DCBD09778680)][Plen Bins: 10,13,23,0,26,10,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 UDP 192.168.43.169:53065 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 40][DPI packets before monitoring: 22][cat: Video/26][Breed: Acceptable][19 pkts/3524 bytes <-> 21 pkts/6353 bytes][Goodput ratio: 77/86][1.19 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.286 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/45 153/178 50/56][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 185/303 231/1094 42/390][Mapped IP/Port: 93.33.105.111:8466][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (webrtc)][Plen Bins: 5,15,27,2,27,10,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 30][DPI packets before monitoring: 14][cat: Video/26][Breed: Acceptable][13 pkts/2491 bytes <-> 17 pkts/5890 bytes][Goodput ratio: 78/88][0.76 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/43 200/286 59/80][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 192/346 231/1094 40/422][Mapped IP/Port: 93.33.105.111:8466][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (DCBD09778680)][Plen Bins: 10,13,23,0,26,10,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]


@ -48,15 +48,7 @@ cd ndpi
./autogen.sh && AR=llvm-ar RANLIB=llvm-ranlib LDFLAGS="-L/usr/local/lib -lpcap" ADDITIONAL_INCS="-I/usr/local/include/json-c/" ADDITIONAL_LIBS="-L/usr/local/lib -ljson-c" ./configure --disable-shared --enable-fuzztargets --enable-tls-sigs --with-only-libndpi
make -j$(nproc)
# Copy fuzzers
# TEMPORARY HACK for #14297: let's check if introspector job failed because
# we have too many fuzzers...
if [[ "$SANITIZER" != "introspector" ]]; then
ls fuzz/fuzz* | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done
else
ls fuzz/fuzz_ndpi_reader* | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done
ls fuzz/fuzz_config | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done
ls fuzz/fuzz_serialization | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done
fi
ls fuzz/fuzz* | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done
# Copy dictionaries
cp fuzz/*.dict "$OUT"/
# Copy seed corpus
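Review bot: The restored copy line `ls fuzz/fuzz* | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done` parses `ls` output, and unless `pipefail` is set outside this hunk a failing `ls` is masked by the later pipeline stages, so a build can succeed while shipping fewer fuzz targets than intended. A glob loop keeps the same selection (regular files under `fuzz/` whose name has no dot) and makes a copy failure stop the build: `for f in fuzz/fuzz*; do if [[ -f $f && $f != *.* ]]; then cp "$f" "$OUT"/ || exit 1; fi; done`. Because the deleted branch was a workaround for introspector runs with many fuzzers (#14297, per the removed comment), a one-line comment above the copy, such as `# All fuzzers are copied for every sanitizer, introspector included (see #14297)`, would record that the full set is now intentional.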