From 9e980968d6969272f4dabd2df9d6cd9dc352119a Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Fri, 28 Nov 2025 17:15:12 +0100 Subject: [PATCH 1/5] Extend s7comm dissector with metadata extractions (count requests by type) --- src/include/ndpi_typedefs.h | 16 ++++ src/lib/protocols/s7comm.c | 164 ++++++++++++++++++++++++++++++++++-- 2 files changed, 173 insertions(+), 7 deletions(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index f6c9d08fc..0d98aa03b 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1734,6 +1734,22 @@ struct ndpi_flow_struct { u_int16_t user_id; } bfcp; + struct { + u_int16_t num_requests; /* Total number of requests (Job messages) */ + u_int16_t num_responses; /* Total number of responses (Ack_Data messages) */ + u_int8_t num_acks; /* Number of acknowledgments without data */ + u_int8_t num_userdata; /* Number of UserData messages */ + /* Function code counters (top 8 most common S7Comm functions) */ + u_int8_t num_read_var; /* Read Var (0x04) */ + u_int8_t num_write_var; /* Write Var (0x05) */ + u_int8_t num_setup_comm; /* Setup Communication (0xF0) */ + u_int8_t num_download; /* Download (0x1A) */ + u_int8_t num_upload; /* Upload (0x1B) */ + u_int8_t num_plc_control; /* PLC Control (0x28) */ + u_int8_t num_plc_stop; /* PLC Stop (0x29) */ + u_int8_t num_other_funcs; /* Other function codes */ + } s7comm; + } protos; /* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! */ diff --git a/src/lib/protocols/s7comm.c b/src/lib/protocols/s7comm.c index 475be9aef..3f496a4c7 100644 --- a/src/lib/protocols/s7comm.c +++ b/src/lib/protocols/s7comm.c 
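Review bot: The per-function counters added to the new `s7comm` struct are `u_int8_t` and are incremented unconditionally in `ndpi_parse_s7comm_message` (the s7comm.c hunk of this same patch), so on a monitored flow — which this series keeps dissecting for its whole lifetime — `num_read_var` wraps back to 0 after 256 Read Var requests and the reported count silently becomes wrong; `num_requests` and `num_responses` wrap at 65536. If the 8-bit width is deliberate to keep `struct ndpi_flow_struct` small, saturate instead of wrapping, e.g. `if(flow->protos.s7comm.num_read_var < 0xFF) flow->protos.s7comm.num_read_var++;` (or one small helper applied to every counter in that switch); otherwise widen the fields. Either way, a one-line comment on the struct stating the chosen overflow behaviour would let consumers such as ndpiReader interpret a value of 255 or 0 correctly.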
@@ -33,32 +33,182 @@ #define S7COMM_MAGIC_BYTE 0x32 #define S7COMM_PLUS_MAGIC_BYTE 0x72 +/* S7Comm Message Types */ +#define S7COMM_MSG_JOB 0x01 /* Request */ +#define S7COMM_MSG_ACK 0x02 /* Acknowledgment without data */ +#define S7COMM_MSG_ACK_DATA 0x03 /* Response with data */ +#define S7COMM_MSG_USERDATA 0x07 /* UserData (programming/debugging) */ + +/* S7Comm Function Codes (in Job messages) */ +#define S7COMM_FUNC_READ_VAR 0x04 /* Read Var */ +#define S7COMM_FUNC_WRITE_VAR 0x05 /* Write Var */ +#define S7COMM_FUNC_DOWNLOAD 0x1A /* Download block */ +#define S7COMM_FUNC_UPLOAD 0x1B /* Upload block */ +#define S7COMM_FUNC_PLC_CONTROL 0x28 /* PLC Control */ +#define S7COMM_FUNC_PLC_STOP 0x29 /* PLC Stop */ +#define S7COMM_FUNC_SETUP_COMM 0xF0 /* Setup Communication */ + +/* S7Comm header offsets (after TPKT + COTP) */ +#define S7COMM_HEADER_PROTOCOL_ID 0 /* Protocol ID (0x32) */ +#define S7COMM_HEADER_MSG_TYPE 1 /* Message type */ +#define S7COMM_HEADER_RESERVED 2 /* Reserved (2 bytes) */ +#define S7COMM_HEADER_PDU_REF 4 /* PDU reference (2 bytes) */ +#define S7COMM_HEADER_PARAM_LEN 6 /* Parameter length (2 bytes) */ +#define S7COMM_HEADER_DATA_LEN 8 /* Data length (2 bytes) */ +#define S7COMM_HEADER_MIN_LEN 10 /* Minimum header length */ + +/* For Ack_Data messages, there's an error code before parameters */ +#define S7COMM_ACK_DATA_ERROR_CODE 10 /* Error code (2 bytes, only in Ack_Data) */ +#define S7COMM_ACK_DATA_PARAM_START 12 /* Parameter start for Ack_Data */ +#define S7COMM_JOB_PARAM_START 10 /* Parameter start for Job */ + +/* Helper function to parse S7Comm message and update statistics */ +static void ndpi_parse_s7comm_message(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + const u_int8_t *s7comm_header, + u_int16_t s7comm_len) +{ + u_int8_t msg_type; + u_int16_t param_len; + u_int8_t function_code; + + /* Need at least the minimum S7Comm header */ + if (s7comm_len < S7COMM_HEADER_MIN_LEN) + return; + + msg_type = 
s7comm_header[S7COMM_HEADER_MSG_TYPE]; + param_len = get_u_int16_t(s7comm_header, S7COMM_HEADER_PARAM_LEN); + + NDPI_LOG_DBG2(ndpi_struct, "S7Comm msg_type=0x%02x, param_len=%u\n", msg_type, param_len); + + /* Update message type counters */ + switch(msg_type) { + case S7COMM_MSG_JOB: + flow->protos.s7comm.num_requests++; + + /* Parse function code from parameter section for Job messages */ + if (param_len > 0 && s7comm_len > S7COMM_JOB_PARAM_START) { + function_code = s7comm_header[S7COMM_JOB_PARAM_START]; + NDPI_LOG_DBG2(ndpi_struct, "S7Comm Job function_code=0x%02x\n", function_code); + + /* Update function-specific counters */ + switch(function_code) { + case S7COMM_FUNC_READ_VAR: + flow->protos.s7comm.num_read_var++; + break; + case S7COMM_FUNC_WRITE_VAR: + flow->protos.s7comm.num_write_var++; + break; + case S7COMM_FUNC_SETUP_COMM: + flow->protos.s7comm.num_setup_comm++; + break; + case S7COMM_FUNC_DOWNLOAD: + flow->protos.s7comm.num_download++; + break; + case S7COMM_FUNC_UPLOAD: + flow->protos.s7comm.num_upload++; + break; + case S7COMM_FUNC_PLC_CONTROL: + flow->protos.s7comm.num_plc_control++; + break; + case S7COMM_FUNC_PLC_STOP: + flow->protos.s7comm.num_plc_stop++; + break; + default: + flow->protos.s7comm.num_other_funcs++; + break; + } + } + break; + + case S7COMM_MSG_ACK: + flow->protos.s7comm.num_acks++; + break; + + case S7COMM_MSG_ACK_DATA: + flow->protos.s7comm.num_responses++; + /* Could also parse the function code from Ack_Data if needed */ + if (param_len > 0 && s7comm_len > S7COMM_ACK_DATA_PARAM_START) { + function_code = s7comm_header[S7COMM_ACK_DATA_PARAM_START]; + NDPI_LOG_DBG2(ndpi_struct, "S7Comm Ack_Data function_code=0x%02x\n", function_code); + } + break; + + case S7COMM_MSG_USERDATA: + flow->protos.s7comm.num_userdata++; + break; + + default: + NDPI_LOG_DBG2(ndpi_struct, "S7Comm unknown msg_type=0x%02x\n", msg_type); + break; + } +} + +/* Callback function for continuous packet processing after detection */ +static int 
ndpi_search_s7comm_again(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; + u_int8_t s7comm_offset = 7; /* TPKT(4) + COTP(3) = offset 7 for S7Comm header */ + + NDPI_LOG_DBG2(ndpi_struct, "S7Comm extra dissection\n"); + + /* Skip retransmissions and empty packets */ + if (packet->tcp_retransmission || packet->payload_packet_len == 0) + return 1; /* Continue extra dissection */ + + /* Parse S7Comm messages for statistics throughout the session */ + if (tpkt_verify_hdr(packet) && (packet->payload_packet_len > s7comm_offset + S7COMM_HEADER_MIN_LEN)) { + if (packet->payload[s7comm_offset] == S7COMM_MAGIC_BYTE) { + ndpi_parse_s7comm_message(ndpi_struct, flow, + &packet->payload[s7comm_offset], + packet->payload_packet_len - s7comm_offset); + } + } + + return 1; /* Continue extra dissection */ +} + static void ndpi_search_s7comm(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; + u_int8_t s7comm_offset = 7; /* TPKT(4) + COTP(3) = offset 7 for S7Comm header */ NDPI_LOG_DBG(ndpi_struct, "search S7comm\n"); + /* Initial detection */ if (tpkt_verify_hdr(packet) && (packet->payload_packet_len > 17) && ((packet->tcp->source == htons(TPKT_PORT)) || (packet->tcp->dest == htons(TPKT_PORT)))) { - if (packet->payload[7] == S7COMM_PLUS_MAGIC_BYTE) { + if (packet->payload[s7comm_offset] == S7COMM_PLUS_MAGIC_BYTE) { const u_int16_t trail_byte_offset = packet->payload_packet_len - 4; if (packet->payload[trail_byte_offset] == S7COMM_PLUS_MAGIC_BYTE) { NDPI_LOG_INFO(ndpi_struct, "found S7CommPlus\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM_PLUS, + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM_PLUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; - } - } else if (packet->payload[7] == S7COMM_MAGIC_BYTE) { - if 
(((packet->payload[8] <= 0x03) || (packet->payload[8] == 0x07)) && - (get_u_int16_t(packet->payload, 9) == 0)) + } + } else if (packet->payload[s7comm_offset] == S7COMM_MAGIC_BYTE) { + if (((packet->payload[s7comm_offset + 1] <= 0x03) || (packet->payload[s7comm_offset + 1] == 0x07)) && + (get_u_int16_t(packet->payload, s7comm_offset + 2) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found S7Comm\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM, + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + + /* Parse this first message for statistics */ + ndpi_parse_s7comm_message(ndpi_struct, flow, + &packet->payload[s7comm_offset], + packet->payload_packet_len - s7comm_offset); + + /* Enable extra dissection to analyze all packets throughout the session */ + flow->max_extra_packets_to_check = 1; /* Unused with MONITORING state, but required */ + flow->extra_packets_func = ndpi_search_s7comm_again; + flow->state = NDPI_STATE_MONITORING; /* Continue processing indefinitely */ + + NDPI_LOG_DBG(ndpi_struct, "S7Comm: enabled continuous monitoring\n"); return; } } From b7625091774b2417986dc22ba7786c99810f15fb Mon Sep 17 00:00:00 2001 
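Review bot: In the `S7COMM_MSG_ACK_DATA` branch of `ndpi_parse_s7comm_message`, `function_code` is read only to feed `NDPI_LOG_DBG2`, so in builds where that macro expands to nothing the read is dead and compilers may warn about a value set but not used; either count responses per function the way the Job branch does, or drop the read and keep the comment. The bounds checks themselves look right — both function-code reads are guarded by `s7comm_len > S7COMM_JOB_PARAM_START` / `s7comm_len > S7COMM_ACK_DATA_PARAM_START` — but `param_len` is never validated against `s7comm_len`, so a header advertising more parameter bytes than are present is counted like any other message, which deserves a comment saying the counters are intentionally tolerant of truncated PDUs. `s7comm_offset = 7` in `ndpi_search_s7comm_again` assumes a 3-byte COTP DT header, the same assumption the pre-existing `payload[7]` detection made, but it is now applied to every packet of the flow; the `S7COMM_MAGIC_BYTE` check confines a different COTP length to a miscount rather than an out-of-bounds read, and that should be stated next to the offset. A short header comment on `ndpi_parse_s7comm_message` stating that `s7comm_header` must point at the 0x32 protocol-id byte with at least `s7comm_len` readable bytes would make its contract explicit.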
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Fri, 28 Nov 2025 17:11:24 +0000 Subject: [PATCH 2/5] S7Comm: follow-up to complete monitoring feature (#3045) --- doc/configuration_parameters.rst | 2 +- doc/monitoring.rst | 2 +- example/ndpiReader.c | 6 ++-- src/lib/protocols/s7comm.c | 25 +++++++------ tests/cfgs/monitoring/config.txt | 2 +- tests/cfgs/monitoring/pcap/s7comm.pcap | 1 + tests/cfgs/monitoring/result/s7comm.pcap.out | 36 +++++++++++++++++++ .../result/signal_audiocall.pcapng.out | 2 +- tests/cfgs/monitoring/result/stun.pcap.out | 4 +-- .../result/stun_google_meet.pcapng.out | 2 +- .../monitoring/result/stun_zoom.pcapng.out | 4 +-- 11 files changed, 65 insertions(+), 21 deletions(-) create mode 120000 tests/cfgs/monitoring/pcap/s7comm.pcap create mode 100644 tests/cfgs/monitoring/result/s7comm.pcap.out diff --git a/doc/configuration_parameters.rst b/doc/configuration_parameters.rst index e229f921d..31a5ba2dd 100644 --- a/doc/configuration_parameters.rst +++ b/doc/configuration_parameters.rst 
@@ -208,7 +208,7 @@ List of the supported configuration options: | | | | | | SurfSharkVPN, Teamviewer, Telegram, Tencent, Threema, TOR, Twitch, Twitter, VK, Yandex, Yandex Cloud, Webex, Whatsapp, Zoom | +--------------+---------------------------------------------------------------+-----------------+------------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | $PROTO_NAME | "monitoring" | disable | NULL | NULL | Enable/disable monitoring state for this specific protocol. Use "any" as protocol name if you want to easily enable/disable monitoring feature for all protocols. | -| | | | | | This knob is valid only for the following protocols: Stun. Monitoring allows nDPI to process the entire flow (i.e. all its packets), without any limits. | +| | | | | | This knob is valid only for the following protocols: S7Comm, Stun. Monitoring allows nDPI to process the entire flow (i.e. all its packets), without any limits. | | | | | | | See doc/monitoring.md for further details | +--------------+---------------------------------------------------------------+-----------------+------------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | $PROTO_NAME | "enable" | enable | NULL | NULL | Enable/disable the specific protocol. Use "any" or "all" as protocol name if you want to easily enable/disable all protocols. | diff --git a/doc/monitoring.rst b/doc/monitoring.rst index 53dcbea9c..21045aa00 100644 --- a/doc/monitoring.rst +++ b/doc/monitoring.rst 
@@ -20,7 +20,7 @@ In other words: - "(current) packet metadata" is saved in ``ndpi_flow->monitor``, only if monitor is enabled. Monitoring must be explicitly enabled with something like: ``--cfg=stun,monitoring,1``. -To enable/disable monitoring for all protocols you can use ``--cfg=any,monitoring,1`` but only STUN is supported right now. +To enable/disable monitoring for all protocols you can use ``--cfg=any,monitoring,1`` but only STUN and S7COMM are supported right now. Since monitoring processes *all* the flow packets, it might have an impact on performances. diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8b1d9f629..95875321c 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2486,7 +2486,8 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa print_ndpi_address_port_list_file(out, "Other IP/Port", &flow->stun.other_address); /* These counters make sense only if the flow entered the monitor state */ - if(flow->num_packets_before_monitoring > 0) + if(flow->num_packets_before_monitoring > 0 && + (flow->stun.rtp_counters[0] > 0 || flow->stun.rtp_counters[1] > 0)) fprintf(out, "[RTP packets: %d/%d]", flow->stun.rtp_counters[0], flow->stun.rtp_counters[1]); if(flow->http.url[0] != '\0') @@ -3401,7 +3402,8 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle, } char buf[16]; - if(ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "stun", "monitoring", buf, sizeof(buf)) != NULL) { + if(ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "stun", "monitoring", buf, sizeof(buf)) != NULL || + ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "s7comm", "monitoring", buf, sizeof(buf)) != NULL) { if(atoi(buf)) monitoring_enabled = 1; } diff --git a/src/lib/protocols/s7comm.c b/src/lib/protocols/s7comm.c index 3f496a4c7..dc98fc836 100644 --- a/src/lib/protocols/s7comm.c +++ b/src/lib/protocols/s7comm.c 
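Review bot: In `setupDetection`, the new `||` short-circuits: when `ndpi_get_config(..., "stun", "monitoring", ...)` returns non-NULL, the `s7comm` knob is never queried and `atoi(buf)` tests only the STUN value, so `--cfg=s7comm,monitoring,1` on its own would leave `monitoring_enabled` at 0 whenever the STUN lookup succeeds with its default of 0 (whether `ndpi_get_config` returns non-NULL for a disabled knob is not visible here, but the doc table in this patch lists a default of "disable", which suggests it does). Evaluate the two knobs independently: `if(ndpi_get_config(ndpi_thread_info[thread_id].workflow->ndpi_struct, "stun", "monitoring", buf, sizeof(buf)) != NULL && atoi(buf)) monitoring_enabled = 1;` followed by the same line for `"s7comm"`. The `tests/cfgs/monitoring/config.txt` in this series enables both knobs at once, so the regression test would not expose this.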
@@ -76,6 +76,9 @@ static void ndpi_parse_s7comm_message(struct ndpi_detection_module_struct *ndpi_ if (s7comm_len < S7COMM_HEADER_MIN_LEN) return; + if(flow->monit == NULL) + flow->monit = ndpi_calloc(1, sizeof(struct ndpi_metadata_monitoring)); + msg_type = s7comm_header[S7COMM_HEADER_MSG_TYPE]; param_len = get_u_int16_t(s7comm_header, S7COMM_HEADER_PARAM_LEN); @@ -188,6 +191,7 @@ static void ndpi_search_s7comm(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_INFO(ndpi_struct, "found S7CommPlus\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM_PLUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + /* TODO: monitoring? */ return; } } else if (packet->payload[s7comm_offset] == S7COMM_MAGIC_BYTE) { 
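Review bot: The `ndpi_calloc` of `flow->monit` added to `ndpi_parse_s7comm_message` is neither checked nor used by this function — every counter it updates lives in `flow->protos.s7comm` — so a reader cannot tell why the allocation is required here; presumably the monitoring framework expects `flow->monit` to exist for a flow in `NDPI_STATE_MONITORING` (not visible in this diff), and that is worth stating: `/* Monitoring metadata block: the framework expects it for flows in NDPI_STATE_MONITORING; the S7Comm counters themselves live in flow->protos.s7comm */`. On allocation failure the function silently goes on counting with `flow->monit` still NULL and retries on the next message, which is probably acceptable but should be said explicitly in that comment. The `/* TODO: monitoring? */` left in the S7CommPlus branch of the next hunk would read better as a statement of what is missing, e.g. that S7CommPlus has no counters yet.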
@@ -198,17 +202,18 @@ static void ndpi_search_s7comm(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - /* Parse this first message for statistics */ - ndpi_parse_s7comm_message(ndpi_struct, flow, - &packet->payload[s7comm_offset], - packet->payload_packet_len - s7comm_offset); + if(is_monitoring_enabled(ndpi_struct, NDPI_PROTOCOL_S7COMM)) { + /* Parse this first message for statistics. + * It makes sense only in monitoring */ + ndpi_parse_s7comm_message(ndpi_struct, flow, + &packet->payload[s7comm_offset], + packet->payload_packet_len - s7comm_offset); - /* Enable extra dissection to analyze all packets throughout the session */ - flow->max_extra_packets_to_check = 1; /* Unused with MONITORING state, but required */ - flow->extra_packets_func = ndpi_search_s7comm_again; - flow->state = NDPI_STATE_MONITORING; /* Continue processing indefinitely */ - - NDPI_LOG_DBG(ndpi_struct, "S7Comm: enabled continuous monitoring\n"); + NDPI_LOG_DBG(ndpi_struct, "Enabled monitoring\n"); + flow->state = NDPI_STATE_MONITORING; + /* No extra dissection, we move directly to monitor state */ + flow->extra_packets_func = ndpi_search_s7comm_again; + } return; } } diff --git a/tests/cfgs/monitoring/config.txt b/tests/cfgs/monitoring/config.txt index 6c7878a05..6a90a966e 100644 --- a/tests/cfgs/monitoring/config.txt +++ b/tests/cfgs/monitoring/config.txt @@ -1 +1 @@ ---cfg=packets_limit_per_flow,64 --cfg=stun,monitoring,1 --cfg=stun,max_packets_extra_dissection,32 -U 0 -T 0 +--cfg=packets_limit_per_flow,64 --cfg=stun,monitoring,1 --cfg=s7comm,monitoring,1 --cfg=stun,max_packets_extra_dissection,32 -U 0 -T 0 diff --git a/tests/cfgs/monitoring/pcap/s7comm.pcap b/tests/cfgs/monitoring/pcap/s7comm.pcap new file mode 120000 index 000000000..49a083f5a --- /dev/null +++ b/tests/cfgs/monitoring/pcap/s7comm.pcap @@ -0,0 +1 @@ +../../default/pcap/s7comm.pcap \ No newline at end of file 
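Review bot: The comment `/* No extra dissection, we move directly to monitor state */` sits directly above a line that installs `flow->extra_packets_func = ndpi_search_s7comm_again`, which reads as a contradiction to anyone not already familiar with how nDPI reuses that callback for monitored flows; reword it to describe what actually happens, e.g. `/* Skip the extra-dissection phase: enter NDPI_STATE_MONITORING now and reuse extra_packets_func as the per-packet hook for the rest of the flow */`. The order of the two assignments (state first, callback second) is presumably irrelevant because both are only consulted on later packets, but if the framework inspects them on return from this function, say so. The enclosing `ndpi_search_s7comm` starts outside this hunk.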
diff --git a/tests/cfgs/monitoring/result/s7comm.pcap.out b/tests/cfgs/monitoring/result/s7comm.pcap.out new file mode 100644 index 000000000..c720f2563 --- /dev/null +++ b/tests/cfgs/monitoring/result/s7comm.pcap.out 
@@ -0,0 +1,36 @@ +DPI Packets (TCP): 55 (55.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 189 (189.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/1/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 2/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) +Hash malicious ja4: 0/0 (search/found) +Hash malicious sha1: 0/0 (search/found) +Hash TCP fingerprints: 0/0 (search/found) +Hash public domain suffix: 0/0 (search/found) +Hash ja4 custom protos: 0/0 (search/found) +Hash fp custom protos: 0/0 (search/found) +Hash url custom protos: 0/0 (search/found) + +S7Comm 55 5260 1 + +Acceptable 55 5260 1 + +IoT-Scada 55 5260 1 + + 1 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 55][DPI packets before monitoring: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out b/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out index 6e2dcd922..dfb3bfe9a 100644 --- a/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out +++ b/tests/cfgs/monitoring/result/signal_audiocall.pcapng.out 
@@ -35,6 +35,6 @@ Acceptable 268 50558 4 VoIP 268 50558 4 1 UDP 192.168.12.67:45419 <-> 35.219.226.11:54116 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][Stream Content: Audio][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 178][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][91 pkts/20258 bytes <-> 87 pkts/18776 bytes][Goodput ratio: 81/81][16.10 sec][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 185/163 2145/2221 406/335][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 223/216 337/337 105/106][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:54116][RTP packets: 56/58][PLAIN TEXT (zaziGwgI)][Plen Bins: 6,15,11,11,0,0,0,0,46,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.12.67:45419 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 58][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][29 pkts/3570 bytes <-> 29 pkts/4210 bytes][Goodput ratio: 66/71][19.07 sec][Hostname/SNI: signal.org][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 594/604 2518/2516 688/680][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 123/145 182/182 41/34][Mapped IP/Port: 93.35.168.30:45250, 35.219.226.11:54116, 35.219.252.146:22269, 35.219.226.11:12261][Peer IP/Port: 35.219.226.11:12261, 35.219.226.11:54116, 35.219.226.11:10127][Relayed IP/Port: 35.219.252.146:22269][RTP packets: 0/0][PLAIN TEXT (BDIbPI2)][Plen Bins: 17,8,15,32,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.12.67:45419 <-> 35.219.252.146:3478 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 58][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][29 
pkts/3570 bytes <-> 29 pkts/4210 bytes][Goodput ratio: 66/71][19.07 sec][Hostname/SNI: signal.org][bytes ratio: -0.082 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 594/604 2518/2516 688/680][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 123/145 182/182 41/34][Mapped IP/Port: 93.35.168.30:45250, 35.219.226.11:54116, 35.219.252.146:22269, 35.219.226.11:12261][Peer IP/Port: 35.219.226.11:12261, 35.219.226.11:54116, 35.219.226.11:10127][Relayed IP/Port: 35.219.252.146:22269][PLAIN TEXT (BDIbPI2)][Plen Bins: 17,8,15,32,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.67:45419 <-> 35.219.226.11:12261 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78.269/STUN.SignalVoip, Confidence: DPI][DPI packets: 22][cat: VoIP/10][Breed: Acceptable][11 pkts/1238 bytes <-> 11 pkts/1454 bytes][Goodput ratio: 63/68][14.81 sec][bytes ratio: -0.080 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 97/26 1215/1207 2521/2521 1083/1093][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 113/132 146/138 14/12][Mapped IP/Port: 93.35.168.30:45251, 35.219.226.11:12261][PLAIN TEXT (BV39hIkc1)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.12.67:45419 <-> 35.216.234.234:3478 [proto: 78.269/STUN.SignalVoip][Stack: STUN.SignalVoip][IP: 284/GoogleCloud][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 10][cat: VoIP/10][Breed: Acceptable][5 pkts/510 bytes <-> 5 pkts/542 bytes][Goodput ratio: 59/61][10.03 sec][Hostname/SNI: signal.org][bytes ratio: -0.030 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/8 2504/2504 9975/9975 4313/4313][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 102/108 158/126 46/15][Mapped IP/Port: 93.35.168.30:45250][Relayed IP/Port: 35.216.234.234:45312][PLAIN TEXT (sWCyiFie)][Plen Bins: 
30,30,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/stun.pcap.out b/tests/cfgs/monitoring/result/stun.pcap.out index b6a37fa35..7408f4755 100644 --- a/tests/cfgs/monitoring/result/stun.pcap.out +++ b/tests/cfgs/monitoring/result/stun.pcap.out 
@@ -47,9 +47,9 @@ JA Host Stats: 2 192.168.43.169 1 - 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][Stack: STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 75][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162, 185.170.139.1:12176, 31.13.86.54:53789, 185.170.139.1:42272, 31.13.86.54:57556][Peer IP/Port: 192.168.0.102:44459, 10.36.43.120:42272, 185.170.139.1:44459, 185.170.139.1:12176, 185.170.139.1:42272, 31.13.86.54:57556][Relayed IP/Port: 31.13.86.54:53789][RTP packets: 0/0][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.12.169:38123 <-> 31.13.86.54:40003 [proto: 78.268/STUN.FacebookVoip][Stack: STUN.FacebookVoip][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 75][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][40 pkts/6134 bytes <-> 35 pkts/4420 bytes][Goodput ratio: 73/67][10.09 sec][Hostname/SNI: turner.facebook][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/331 6004/5997 1040/1126][Pkt Len c2s/s2c min/avg/max/stddev: 70/68 153/126 190/174 31/39][Mapped IP/Port: 93.47.226.1:11162, 185.170.139.1:12176, 31.13.86.54:53789, 185.170.139.1:42272, 31.13.86.54:57556][Peer IP/Port: 192.168.0.102:44459, 10.36.43.120:42272, 185.170.139.1:44459, 185.170.139.1:12176, 185.170.139.1:42272, 31.13.86.54:57556][Relayed IP/Port: 31.13.86.54:53789][PLAIN TEXT (unauthorized)][Plen Bins: 8,14,9,28,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 
UDP 192.168.12.169:49153 <-> 142.250.82.99:3478 [proto: 30.404/DTLS.GoogleCall][Stack: STUN.DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][cat: VoIP/10][Breed: Acceptable][18 pkts/2856 bytes <-> 15 pkts/3436 bytes][Goodput ratio: 74/82][2.12 sec][bytes ratio: -0.092 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 88/153 699/625 177/222][Pkt Len c2s/s2c min/avg/max/stddev: 107/76 159/229 588/1240 107/297][Mapped IP/Port: 93.47.225.70:12165][nDPI Fingerprint: c1d577a85c8ed52900cbc42aa007e9b3][DTLSv1.2][JA4: dd2i110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8][Validity: 2022-03-17 02:11:17 - 2023-03-18 02:11:17][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (BwlkYDtFJ)][Plen Bins: 0,6,57,21,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0] - 3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][Stack: STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 42][DPI packets before monitoring: 33][cat: Network/14][Breed: Acceptable][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Mapped IP/Port: [2001:1670:c:eb04:70af:f67f:8e49:f603]:56880][RTP packets: 0/0][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603]:56880 <-> [2a38:e156:8167:a333:face:b00c::24d9]:3478 [proto: 78/STUN][Stack: STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI 
packets: 42][DPI packets before monitoring: 33][cat: Network/14][Breed: Acceptable][21 pkts/1722 bytes <-> 21 pkts/2226 bytes][Goodput ratio: 24/41][191.49 sec][bytes ratio: -0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/2 9451/9451 10358/10358 2441/2441][Pkt Len c2s/s2c min/avg/max/stddev: 82/106 82/106 82/106 0/0][Mapped IP/Port: [2001:1670:c:eb04:70af:f67f:8e49:f603]:56880][PLAIN TEXT (WOBTrOXR)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][Stack: STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 20][cat: Network/14][Breed: Acceptable][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][Mapped IP/Port: 5.37.217.126:37257][Peer IP/Port: 192.168.8.153:60001, 127.0.0.1:38763, 66.55.92.16:64920, 66.55.92.16:58225, 5.162.130.14:16947][Relayed IP/Port: 66.55.92.16:40576][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 10.77.110.51:41588 <-> 10.206.50.239:42000 [VLAN: 1611][proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: VoIP/10][Breed: Acceptable][7 pkts/1006 bytes <-> 8 pkts/1118 bytes][Goodput ratio: 58/57][1.05 sec][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 189/134 369/399 144/153][Pkt Len c2s/s2c min/avg/max/stddev: 70/64 144/140 164/172 31/43][Mapped IP/Port: 10.77.110.51:41588, 10.206.50.239:42000][TCP Fingerprint: 2_128_8192_5e2eda046ca7/Unknown][Plen Bins: 0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 
192.168.12.169:43016 <-> 74.125.247.128:3478 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][4 pkts/528 bytes <-> 4 pkts/408 bytes][Goodput ratio: 68/59][1.25 sec][Hostname/SNI: turn.l.google.com][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/23 342/409 974/1177 447/543][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 132/102 198/122 61/19][Mapped IP/Port: 93.47.225.225:23616][Relayed IP/Port: 10.2.0.86:44908][PLAIN TEXT (BSnLfRxS6)][Plen Bins: 12,37,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out b/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out index e45a94c1a..fe77fdf66 100644 --- a/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out +++ b/tests/cfgs/monitoring/result/stun_google_meet.pcapng.out 
@@ -43,7 +43,7 @@ JA Host Stats: 1 UDP [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572 <-> [2001:4860:4864:6::81]:19305 [proto: 30.404/DTLS.GoogleCall][Stack: STUN.DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 148][DPI packets before monitoring: 43][cat: VoIP/10][Breed: Acceptable][30 pkts/4693 bytes <-> 118 pkts/36197 bytes][Goodput ratio: 60/80][0.71 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/2 152/74 32/9][Pkt Len c2s/s2c min/avg/max/stddev: 106/99 156/307 608/1265 88/113][Mapped IP/Port: [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572][RTP packets: 11/104][nDPI Fingerprint: c1d577a85c8ed52900cbc42aa007e9b3][DTLSv1.2][JA4: dd2i110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate SHA-1: 07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31][Validity: 2023-10-11 02:02:47 - 2024-10-11 02:02:47][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (igoKAAiKAiADEA)][Plen Bins: 0,6,16,5,2,0,0,0,68,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:38152 <-> 142.250.82.76:19305 [proto: 30.404/DTLS.GoogleCall][Stack: STUN.DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 74][DPI packets before monitoring: 43][cat: VoIP/10][Breed: Acceptable][28 pkts/4034 bytes <-> 46 pkts/12188 bytes][Goodput ratio: 71/84][0.87 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/10 205/154 50/29][Pkt Len c2s/s2c min/avg/max/stddev: 87/79 144/265 587/1245 89/180][Mapped IP/Port: 93.35.171.209:39032][RTP packets: 11/31][nDPI Fingerprint: c1d577a85c8ed52900cbc42aa007e9b3][DTLSv1.2][JA4: dd2i110700_c45550529adf_d9dd6182da81][JA3S: 1f5d6a6d0bc5d514dd84d13e6283d309][Issuer: CN=hangouts][Subject: CN=hangouts][Certificate 
SHA-1: 49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61][Validity: 2023-06-19 17:32:20 - 2024-06-19 17:32:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (HrRgpad)][Plen Bins: 0,8,37,9,4,0,0,0,38,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:38152 <-> 142.250.82.76:3478 [proto: 30.404/DTLS.GoogleCall][Stack: STUN.DTLS.GoogleCall][IP: 126/Google][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 79][DPI packets before monitoring: 43][cat: VoIP/10][Breed: Acceptable][55 pkts/7402 bytes <-> 24 pkts/3525 bytes][Goodput ratio: 69/71][6.63 sec][bytes ratio: 0.355 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 109/184 402/761 143/224][Pkt Len c2s/s2c min/avg/max/stddev: 87/82 135/147 423/579 69/115][Mapped IP/Port: 93.35.171.209:39032][RTP packets: 34/0][PLAIN TEXT (HrRgpad)][Plen Bins: 0,39,34,15,0,1,0,0,5,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][Mapped IP/Port: 93.35.171.209:39033][RTP packets: 0/0][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.12.156:45400 <-> 142.250.82.76:3478 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 33][DPI packets before monitoring: 33][cat: 
VoIP/10][Breed: Acceptable][17 pkts/2694 bytes <-> 16 pkts/1696 bytes][Goodput ratio: 73/60][54.70 sec][bytes ratio: 0.227 (Upload)][IAT c2s/s2c min/avg/max/stddev: 90/78 3250/2028 17905/6554 4698/2127][Pkt Len c2s/s2c min/avg/max/stddev: 158/106 158/106 166/106 2/0][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (HrRgpad)][Plen Bins: 0,0,48,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.12.156:38152 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][Breed: Acceptable][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10019/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39032][PLAIN TEXT (kAGNNzv)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.12.156:45400 <-> 74.125.128.127:19302 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI (cache)][FPC: 78/STUN, Confidence: DPI][DPI packets: 12][cat: VoIP/10][Breed: Acceptable][6 pkts/372 bytes <-> 6 pkts/444 bytes][Goodput ratio: 32/43][50.12 sec][bytes ratio: -0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10020/10019 10022/10021 10026/10025 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 62/74 62/74 0/0][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (tcEcaq476)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.156:45400 <-> 142.250.82.76:19305 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78.404/STUN.GoogleCall, Confidence: DPI][DPI packets: 4][cat: VoIP/10][Breed: Acceptable][2 pkts/324 bytes <-> 2 
pkts/212 bytes][Goodput ratio: 74/60][0.63 sec][Mapped IP/Port: 93.35.171.209:39033][PLAIN TEXT (ByyD/CC)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/monitoring/result/stun_zoom.pcapng.out b/tests/cfgs/monitoring/result/stun_zoom.pcapng.out index 61266731b..6889d0032 100644 --- a/tests/cfgs/monitoring/result/stun_zoom.pcapng.out +++ b/tests/cfgs/monitoring/result/stun_zoom.pcapng.out 
@@ -38,5 +38,5 @@ JA Host Stats: 1 192.168.43.169 1 - 1 UDP 192.168.43.169:53065 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 40][DPI packets before monitoring: 22][cat: Video/26][Breed: Acceptable][19 pkts/3524 bytes <-> 21 pkts/6353 bytes][Goodput ratio: 77/86][1.19 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.286 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/45 153/178 50/56][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 185/303 231/1094 42/390][Mapped IP/Port: 93.33.105.111:8466][RTP packets: 0/0][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (webrtc)][Plen Bins: 5,15,27,2,27,10,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 30][DPI packets before monitoring: 14][cat: Video/26][Breed: Acceptable][13 pkts/2491 bytes <-> 17 pkts/5890 bytes][Goodput ratio: 78/88][0.76 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/43 200/286 59/80][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 192/346 231/1094 40/422][Mapped IP/Port: 93.33.105.111:8466][RTP packets: 0/0][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: 
dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (DCBD09778680)][Plen Bins: 10,13,23,0,26,10,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.43.169:53065 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 40][DPI packets before monitoring: 22][cat: Video/26][Breed: Acceptable][19 pkts/3524 bytes <-> 21 pkts/6353 bytes][Goodput ratio: 77/86][1.19 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.286 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/45 153/178 50/56][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 185/303 231/1094 42/390][Mapped IP/Port: 93.33.105.111:8466][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (webrtc)][Plen Bins: 5,15,27,2,27,10,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, 
Confidence: DPI][DPI packets: 30][DPI packets before monitoring: 14][cat: Video/26][Breed: Acceptable][13 pkts/2491 bytes <-> 17 pkts/5890 bytes][Goodput ratio: 78/88][0.76 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/43 200/286 59/80][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 192/346 231/1094 40/422][Mapped IP/Port: 93.33.105.111:8466][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (DCBD09778680)][Plen Bins: 10,13,23,0,26,10,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] From b6f0d0808650011f5b2da02f9556c8792eb0b671 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 29 Nov 2025 11:38:55 +0100 Subject: [PATCH 3/5] Added testing pcap files for EthernetIP --- tests/cfgs/default/pcap/ethernet_ip-cip.pcap | Bin 0 -> 55708 bytes .../default/pcap/ethernet_ip-cip_io.pcapng | Bin 0 -> 42556 bytes .../default/result/ethernet_ip-cip.pcap.out | 37 ++++++++++++++++++ .../result/ethernet_ip-cip_io.pcapng.out | 36 +++++++++++++++++ 4 files changed, 73 insertions(+) create mode 100644 tests/cfgs/default/pcap/ethernet_ip-cip.pcap create mode 100644 tests/cfgs/default/pcap/ethernet_ip-cip_io.pcapng create mode 100644 tests/cfgs/default/result/ethernet_ip-cip.pcap.out create mode 100644 tests/cfgs/default/result/ethernet_ip-cip_io.pcapng.out 
diff --git a/tests/cfgs/default/pcap/ethernet_ip-cip.pcap b/tests/cfgs/default/pcap/ethernet_ip-cip.pcap new file mode 100644 index 0000000000000000000000000000000000000000..d2903441cdb93e75fca7c75dbbdbf6dcc98c06e8 GIT binary patch literal 55708 zcmd^|cU%<58^-4VDF-OlU@+k{7&~^1#ID$h6}wTIhyoJq(O=YHqGHa11&~C8#@<`( ziW+-advDka8tbYE`g`AjY`6Hi9UR)Olc9#6Z}rNCkfD)LVTKyDo7DNrP`+7k-0;X4 z_{q1rZ?y`Q)b}Q~j%u z@LK)CD*y#TkO}fA26z0Iz+e04_@95pkF^v%&yF~f@R-5X{i+e-0edNXoZi?2_A)Gc#aeNU+amzy`g_uV(`(CqWFwhADta3l6ySGM`sVu zbS56c-*dsE{yy+%AvlMU_|tIVuTRD!N6H5|jm~Wpf}9G6c{ulkpYfhcD3=y;(go_< zH6o21Qz{}OWVO18>qTV5arH{K_w*noe?U&|Iwejdk5hT_e(YNE7C0rq+aM($QjOFj zL&z91i>xGD$XSv>;^BA5h>*V3a*ti%*go%ZJ2)ov7)cR$9zLRj-xD&cg0};{jsQD+ zPt*?nP6r$b8DHjl%iO(A0#WAP=tFsrB2<*EGyRnZ{8yLv=J@AwUx|S6=1Koc z0Cnyy_YLr^?R2@vh&(ehG_Zr%YJeSsS7dsCZ66KqYR9s{0BH98Fi3OCef+0Q(kW8fI? zAC04ZLu#W&?W)T(`ohR>x!K+`d(rIi$ld_`NX<~Bg7eAk%6K+DaBmUV zxk|O#{?)1(0)ht*36G00bdHP;H*BA@ct3U5Pc`)IH$0b?#;$9VsUPnbT4@^P2xXCv@AjeNHMjC`O+sp^LwWJ(^NT#v`M z#B=$`Pj`B={L~*A=@Mm(P6MN7z$i(ppH8(}KlSFkS$^7;j-h2_ZTF1h8Z5-Nn;(E} zr#|ydwKYH8<(;MMrxQ6gTy=PXO)_y!q80VDybZdq;%TK#e zE!>rAVS5SC!d2A5!)vGo^?o`nuOI(+KXtyvy~4AMMLTpMj4+# z;PU|Z{G!z>W>~FPJZoN#@XpR{sO?#EZMeOdjuDecE!NHyBHf|1`f2-f)=wf5uLf)^`gz9DW^ zS(z`GYT>F>3%dq^7J^X=*TF@#WWL$?miaEbS7mW*MmgfVMU?p(2LngWlC`KLfumC9 z>t4DlEAxfW@z74jkpqq?$T4OKa#WxBlFVklpUW`$1W-PuWqeYMe7XzpiPEaGWPy)T z<}2w}m6iEIP4P*00X`>@&(b=`r?kp70(X*ZHuHTu*N^2DEvQ%gB;#`u_~05`O|4#$ zVzplJ;|@QTSA^5?p_o+H>997~WC6C@IxlTrkz#9J5ufeB@QR&&tTC=7?Zcl-HQHo> zk>4EwYgh%f_Tf2ZGheM!eyq&bk7^-Xs)gMVpoPn*g+Gp>7Sw0HIf|K2oQvQ{lIlAr#V?Z@)d{-(6H#~wJgL5|^jwE5|;X8m+~ z4wFwC%EwE_rw#C_Z^;_dZvr1BKRr^o4$Ds?P4cM^eBzPM?;W)H>2GHJbmi9#SbiFa zd~{=EeByx*uEFis>Zfz9)=vwyYQXZ-fwbKUO2>yiur}B%2;0rAhBiN)YioWwCdE_g zr{Z-!ugn0JMxnk1H2OcOMwi07f=p0 z+O>x^jn1<*jdp8ekZM$%XBxi`U}e7c)MrXaH5yRP$p4iN>jR^;=9%9GpHa#)J>8nK z@=OfX!U?Gs{z?Ze^g%5gS%+FspJ#s0w>-1Ly*Y~`)CobYN^u#-K1P0@0XUY@$}vsg zsFY`7OE+ibnL(7}D=Ei)2H=>49D8<0j_TJ3(#+9w1)@=UBrK0SaBtmk-;S@)5T`t^bNCi9HAAM$mXe4r)<^ix#EhXXz{ 
zfX`B`d=?-dW{t&!HqBXcukR?IXEOcF;JD^a$YwIGjA0sQ!Z-b~e4v<(ep z`6<+WfS(SRGHUJwjBpJuTC1P_VYPm`b6g^(~;$p)!p^UGx5zu!ho7t40@Etw!~Af>;_IN;T>r)#(10 z9M@twYP8U&IKHUY=t5i5=!ywdr5Y7`%@6)TtgHfcH{dlmClq;ci{(cCU`b2X78VI! ztd#kjS_ZK)-!Q6$gHkOVED2h;g<9Bk7PX*0^DWBr8ax|tsQ*w`+n^PbBh=jhN325> zbG!u{M*_!rT0MKQz)>mlx%LiXWxnB*<6{}eksR033putMjU3fyzQuVQ@oY@j)mHkJ z$p`9gfDg{=M0{F$0iX52CtNF^B?2F%%;y^y#L9dlO!8R|d^#bY1h^nXOXgdW#|O{G zbX{%3VN5@bvB<1r!rk_mUGa30zOhP{DGv88G znQv=aFP5J|-3R#TAQ_{{M*dKFORl9_X0?90eswRFpN_(|OMWkHyF=wUu2pYrJ7WU2 zoq9iAW@~=>4XGpbQ*q|=?ij|>DAc!rMx&(~ZPnYzABOru?blK*w_1%xhJ>*+`ah~s z+2?tO139jBRn+MDE7~-=+}1Rjv#xKch-C@ z)e6Cjl`>!AkT6!}`+<5*x^%oc5(ip<&ze2R`ZuTr^_g!)zGc2!Lzx_*ehD%S)**^H zMgYfCz)|zHR4WCJN}2D@q%c}7n;1D^m(uBBRSHuD`_AI8dj<0zjDseX0$Y=Cct-L6#Rm zEvWa?wfW|!6Dlw{Lj4l-^$${xZA%*Y<1bikT zpP?WzEq=P*q@RlCUfsqGW_iT`$|pp|XAvExK@0F%vj>U2ids;g`8KM`eAVlZV)bLF0RkWBBV#lJ7+tdDTB<*-wjZzQ zJc`wiC)0lXMAmkfIPRNpY`YV4wDsdZZLJ@NFAQSz<8Gr^{TOPKK%;M@8vQ2R$e;LN z$+c9Q1TS`mPY`e|2lt%V40pWYHJUg2jbdfKUuZvGC)L7<51@tLPz&>FqZYuBRqcaO zi)_lb%vYyBlOxn70ms)ej=vfClThQOeJyIUz)>ml`HULH%6vx3QC35LvJY@PiyVFF zx}^Hdx7lpw3mDDh1GP!O2j_L7%=gV%;FAJ;G+#@#Mc|{9`G!mz#manBO!7(LxOVQy zCvqU_O#K?l7L%DTIal^n_kKZRorl5Cc>ic$sQw{wln?I1B;wP~9r)lHT+P|P;Q5qS z)V*|ny<%jmlSAIVP>v+MTU;6E9uDxXcs|%4#cQm6`i%W|e4so2{kxwX>8qbcIh~XC z$CI!Y*N*Np5d8wr%b<8((*2>_;Jn7e`{Ukvc>8C35T8#X0(C&3qZcwx zu+P9LJ*=a=)B5@1HbF;9_@hV|3lj9J| z@wtrSPrz{ia7@+8al61#X}mh}^H|n+l}I_Bl5rdW9Cskc@(+-s`tfSJ+3~8#L?$1o zD?*wRo1FCQ(L1o*U*@mXx-&la|%CTy?O`styh1eTwsV!I_@la3E(3v*mYSR04E z6qaJUsrS>pw&tfNrj3^RsaT_}zfNRn6zVcSqk&S5b{uKs&-qzW6ZV(YYIJ40M3zQ> zqZ+*;)#y1tj_X9PyMMh`n@0b#HH~g+IbNz!ah`GRkjTn>W2r`Q|4mVz=>&TWoQKbZ zw6DYMGn@G;1ShgG-(2c5e@V4)z9(pb?lI7*8frm(=G&(#^IZ*LGJ^UT=*L)JC1wQs z44jASD6_2T`47b|7H4MP)InQtCtG*8AT2^ej|F@5|PWTZax?a#N&=Qy0n@kh!L z=XPR_+koS1;HcNi@qoZlDf6{TNMvQc-%V=mHE?`^9E*L49MxyO17Cp z=eWsIKNV-bGb7Vj8l6Bj8X(hXj*-7O6>Gw@uJawXT8-{XPGf0wA=T&^;3WFqpNmsD zE{H>ouAik%qlaxxqi@H~kZM$%`3!T?Seb7k)hNyhMLrw^`wU##V97e)5wn>uY*iX7 
z^DUx2vt6o%OB*<@3*Bd+MJLpP`pkDkRpx83hRF!(W58>0k5Un%F0jwQrKgsx^Bonu zSSjfVfX`~=)8qp3QJ?vao6USBKUvE1Q>e>;e%MgPXEpHIYsoqvXSIIX zs_ashpDxFCOFk|gA1?3ZxUO)$ga>gih3%$3^KrK3r$2q3D)m!w=4&}+4NId_sYdHd zHQIHYk-u`^l6AflR;y9RC2Lq3T}d@6`#kT;eU9r!uf3l@uPs-v(G#|&QP;HjQjLl; zUzg=;SeXy%l3*OgIibjhyTLvK*Pwn&`#RrA!Dp26%&e_zSb1g@^_gkX@#>m8Xo2oC z5K~uMo;jIsdFIwOCP%1W0*+^89APhlYtg__^R=I+1dd91#_7ZwR-Rc+Ic}73j0TS2 zj~*oFy0$!X%50u#bdt#@k@CTLomgjkfe(C6sQuc{(*hr*JQIIs4J*&AG0A5!@Og)P zz8a)0&zv@yXT<%m>_a9Ws7nIe$vSgj_tkwEy;oh5B ze!3ppE_uJS?XH*NxE=+t?GF8lZKvK(&)S-wdUjbR^;3yP?b2Bqg}NKiXl4;)({ z$LDs~r_`@uUC85zXJfin?dsP|K65A^oY#qT*0Y6?ze#|P<~`mn3Vf6@-&gI@S($IM zDLyv|@EL=ADr>A&yO_rZ&*tA+HE}<@*NMpoYOp{*M`V1)0H3f!0E z%(sQ|St{*^H|qkQO~|Jb{Z2*oneURS%va@q2UvazH9){f_Wj#EHvyxemaOw#wpu@3 z_3HtapKimpOWrAKyP+J{i(Y&GLyk5-y=-fKdSvDnsh^57-?By=OQTSC0~)O&?Z>@f zpMhI*ELrEfVznAA*@0tebO+U_?DM=^b2zRy-DhC`U~L+`Vrv@h(t5X4qhha_-kD=% zzTc@vaZV`m;@+^&!0la@tn*zJyjUso6%ONAnQtfcnz7RH>h>%wjuiMVC z{1j?{fKfRaqpyL{aZA?uGOX55XI?nR^3%Q8cFBLr+U_{V^`Y0^`&HHErx~{9rz=k$ zl=`VS^R*gvjiphjy8(@sm1?vP>@#o|YJ|1d^WC&sjpj_b#?t6Ms?iNnjoy6$8oiF= z%jg5zG-!06q4j*!LQ9o#RJIF100?U3UoK&WM%@3z^@*MAd}&oasf=XD~T^=$`y)>*R7 zcSqo(l=-}mTw`UvgC_Z`13nXwPce3nnvFoxGvSGIP(=g z^_Z3UpsootigQAd7l(uz`A6Sbvd;HF@M5LRcPZmBEAt(vUK1NDSie9L^bZ!tMS{S$D+`Z+PjRN#2hl6Ag^0!O9H*ZlQkR_5a<$5}FtCxPQ>?nASgFZ2zQ&pOHn=XGK}r;U83t0n7vj|4tSnXj|k6ISLsVTwW%DII*d1N;8C3rkx^+Tw^0{yI)@(FbXKFusy=gTyk`CQ68VP(FPl+SdjelnW@ zpQgyiX#(m;edfzlmHDQ9^@`=EPy+;vK9MnM3XH~Dvd;I|YW=ist5+;PJ&kRbyhzq| zV>vFYIJVu&1={@dv90-O-zN8@ek#sY6~KI42Z&ao9a0 z|KzYG>wJF;UaXY)oC@Z!GT%AsHT|VpcygHI!r?Pg4^rbkYC(PG`#aw{hn4xxQ;tR{$Gtn zwZfwg>g>FPp9p2aG4Eff_J$V$VB}W+K=&jj6|QCJ$(;afVBt@Qqc~zpx#ek=9{11 zOJ{O~+9cqJd(evfqTfj)|Lj}fI8ZCcR{}>RKV5dl!6gpJd=uT`M16;G^WHH}5;Rz=e$j?;r6A z)?YKpCmHy_wM!o4WgX;GTJ;(VZ_-c2b1z>{H5ur}DgD7M=Uy2h&BD_+~0S6uk~y|Pz~>gC4rioH~$3#1zDU)0Dy z=Pg<1dt)~9jT!3Z5(nKE?;rKyFntE?!{el5+;bkZ&<3^e_fhP_>NDRPRhe(*!J@2w z3^hRD15PqVZH)Yj8kVf{y|vnY{QZrhtbTlp_T$;owtG>7<03!9wtGJc+fIEyers#} 
zc=g2sU(he;G4&k>#cvm7_2d0iqrXcv8u^)#e+hH#tT?S+oF#a%Qs!IotSBq<-KPDx zhg1tMyMh*iPz#@zMJ=e$d|COH`Sv_#a)jC>=q8Pp~LADq{T`51xEGvK57J6p2_ zK1!KyU8!QM%y-u$pJ%{lAM&~11No@WeA#9*U(|RnmRB66eC%X=_8IwCxCW>BJ6m(C z)+;t7d9l3WKJ^OO=XtMSZE!#mwp+t=ZC;UMYhLken!B=B=u^B{efS8~XsT4B1Coq9 z5A~PtBeafj@6Beu@yonenePGZ!y~0*9N!MKz@Zjy{f$~spZVS^WMVt7)|E5flkP%ctd2Q-cLW|o1gaI&EyER zRNxmlw-forKquh%$da`v;%uMyeTGVYTH&l0%TFJf)Ed-|4s3`V|G0x3)%z)Nj)!TC zj^Npt-ecgqb4)%^Uj%%TWqcYM`PXHE&vdOi(+PZ({50XA7t2pGP4RhM7WfQDKG%mJ zAN78!%j1J*^Y0!5;x&|UMZRG9Db&S`btKs`KEr_zuEBNFx`txsthY1R`RH7UC$w^9 z;z!z&ZX^t5qoYXznMpuhIv<^m6u_fMA2?@MJfb^M+2PR&ADt6C3disqCuny)v9~w$ zFG~zQI#Lv$5$mI~BSmtLr}*gX;hE0FL->0xc+}qq9xVjtP!fL{j_*kS`eZzEB*+K9 z;|%8kc*F0@z3cM@%TJ$RyCqMSjt{S4Z7`}8w%gKK*lz0QUUtq2@V-dNhg1V)4Y@heI9UK#SjHC!~!bf!QdqQSa@OHr05nzYk2})?s z(ZO#~A>+$jZ<+h|io#FyPaw+N8+|D6QG`lJF#wA<54h{{-W)q(?kf>6-aP4l382os z<-P&FwVf{a7*YFvUR>&@VvYW}zamScr>I7=q#BKCW#r$)!#ZD0ts1qrT8(bGP?4q4 zr&Obpq#At_&vDUSsL|(}v}x4d)->vVs+3ft;ymMUr6McyK@Ar8%nYeUqrHs$+a<7u zRZy$XI0!zYlxJ!`s>sSS&rk~~fl@8JT>@I@gj&#_LoKM!GY)w^gJ%Ot@jvXDG%1tG z@eJjdDC5}4$Y(jjI?F1p9192>mGaEP4;5K?<~ijUC*_#s3>+b+dXPDzkz*McAMFYQ z785r+l13ch8>QcmT}uj*0%r4!v#t_LXHZ84I>ULLDDOqXKB8GofX@)Ed>jQnN_i%u zcqLYzd0~=I6X3HK`J4sg(voK!P39SKKWyX0=HCTSiW7{Ri%i0ds24jw4+XZW^S#-8FKYiETN9w0yjaDw; z&(i26s!`eZrpFvJ^6##|`oLVR8g;Q+jjk)=&(i1{s!`eJdGD@p+@N`=(G_QKd{I9y zaj`XxI=EGqYEVKJP#a$fn!On99;#DN||qN zU4K^Q%c2|y$T$XbTx=oaIAtDkRG;}=&1Sy&{!BhlmjrxpUMJF7EbJqi1J}r9U)RdV zP2i)H`TV}|XJx*3Ci$cSpBBjHkT3F4zlP;zHuE`lWb%Q!B;bSl!;1N|06u4c&mygS z+|6dbgfM?r=F6sh`pNWj2KbCYJ_oiUAN85fT~+3rxv??JPj4V2k||>}#>l_-07e6} z`e{L{@>3ksaY1TjLTS(Na;aCbt`qM^dvsdyz@D`4veoPTI6`_jlK?_`Id8}In{!DY z)}y9Ati0=tGpmbqY5&uik!L?Z-Cb6hu-@2yrO3+_sqM$H5tbGjT+T&Q^PP4 zdv|ChelY$FergzVj6vli{AOvuUp&@7#4MR;j`Ro0%14#;GV9C#64lG}k18KsR4Tsw z6N*QU9^sD|U0OWa`mddPnIp%I7+WrWw`hz%FuuIhUo^V7bhv-4{0s00N0nKBv`a5@ zjQH*1v10?}CF915KQAEYui-y$)HK=}Ba2Iu)6LG^BBDB)CF9CR3^6-*?bp4B*=|5_ z;Fj`H;#Uz-5s~eUT1FQmQHJp33Q8D7@8XH;qT 
zs2(N$=%N1hVipWT&WW6lX5vf!Xo#cPKevCxzZZ-CT$oYE@Q)f3)h*I6>WRNyPyDxr zMhhdMeAKuJX19pW5s~4YyM>qeNBINgrSjN@A^(0I@ij#LLVU`et8L6Uux@QX@pJiQ zT(bCs3pYfsJAT?fysk0uO(Xi`4#S8!|M(;8o~hANe6^^%s_rVoTy`{wR?*fnUMUY__>;Eoe7ck~fhVNO6 z5mw7%Y|voL?rl&r8Awd#6|pA?KW@;ntEdG0O{b<7n%mtTK5ckep+J1}|^ zMqp3yysFdCV|)(`uMu{$Jiyui$g!SzEiB~cem{))0WxN@@Of)qYJ_==UlsF$uW1*? z0btxu8UDvC#(9lB#M_1n)PUFGQGT8d1LGdb*xTA-NWcCPWccq>`_+YU1Q>TyMj7(!ml|~}=Ib~LjG2^C zg#5ZugRzNc90SH(lraqX^>YnI1<$Ai#th0RM}GZOgRz-s90$golyM{S>&O3`aRL~3 zP)0HG>v{!4I!k`!^|wXTA>As!LiqI$U_=r|Abf#!?n=M@01U6OZmc}O+5gC~o_S5n zF*AAQB#e1F8M9e{{92)y7hiDra$dFyMpeD^V9-nTW2U%zNgki6;S|&`jn*&(`TILX z4cJRAjMKoFN*N`{-~ZKMY~$je>#KLNb`OcvvzjRtg5%BfbuJe)2ajJnCL-kV@jC2g=SVEI%-@sg97VKr_6Iw+UO7v>KkVTdqV*7r z+bClw+8@4BtOKrNAI}H_#w5xpMEk=g1p}|eets=N=7ABxwP+Z#)b+Y+age+2PKowL z%+sy3hBCDO==3QU@r+u)m`EAJ(Eg*-L$u@>wSh5#GRo2ZqtipUFoc%HT-`z$KD7VX zedC!uopieVNY7p@>X3Vn{QB$ubLu=`Ttygxk#n8>$I6&qW9kHXfV2Mzwg1R5tKEI7 zE{u5`8MB#>_Mgp)>i}PCt$2pG6(Ht*EM=6U{lV&cffqR zM+0C4C}RlPA9VVZ*8E&G1jfyjaZ@wLuXb*&n637!muEBr#%Rj$BfskO5iX3zz_^Jr z3XorQ`o>(ojwZkuMHxep|8)9@Jf6`M7$Yg84Eawd16x@o^b&% zhEqln@}J$;op}vn|IHN)#(x(AL*AEj?#%^We8};imC?LL@7vD4`{WTr`EMRSFU?@g zaVc>7Vvdk1dO4SQHuPh zlk*qyjF!OgQ^xA1j{odjwsfA_e~Wp>#lRRs8AFi&R5>5d)ssA<6);LEBOm!sr>}cK zFsj;1yco=vbz=%$v;M1m4XvSu5?X^F`Bf)}|BGj|0Y))p3`Ks`$*`~Sj7xywql_}- zSDg&ImSH)9ItU=>bdi)95a(IO&D_l z8MB#-{JK@cuW#^-%Yl(k8O6x2s(ZWmdOpN6t^h_JWfUR5s`>}aIKnfo1V%1plpw$A zone+cf-rnrDOqBZV@2$lp5mcK_rV5x_{M zj6&pZRsVzM$~eUCb)A5bL>a}%-#R(JJI{y&Mj~Z&spt6H&Xui}s{P%QXG8%bfig;v zzjbncFP_mE7#_;VMgG?5yIdGufDum_rO4kpIlnhwM>H_vC}Rlnw@yZOVRQvXEM@qS zzjZS5^?V)OfH9ad@{zyozKiqs4T8b=ySrpm9wv-HV20ywD?@pW@iVK}-}svD!_P|( zn3sWM%%&IlZ@Y&7To^rpF@Q3PkpFb~Er|M7eT)8l=14ci}@FD-{ zwytN8O6wdIyrnW&k&J8WU@Y#k%RoF(-*lg z`T*kw$|ynp)5+nJ_&Q>MaXn>}BLC@Rlh4-Zj@1k{HK#+Z|51}ky$ZUT`A+0 z8jk<$+_YeY+JATOj5uIKQ-%-uPbbH^FyevHg)+Rze>#1|489HzFgjC4G4h{Ij=hU# zBmg6dGD?vDR2dWZc#^^Nkh3MD;swD#&x{-l_IR~oE;Sww@yrN5Z)fr~Bti}Jxhb<0 z`Bf*w-orDJfYFK0Q!etW-M4UleOE9Tza~pYGwP%9T?YAMj`U6 
zPEOvyGcthDo-z)fa{OxNvdm}Ie%-<|GJ(;KGK!F2b#n4no{^L{HoKpY~vZ( zz_^Aoe8{glIe9zJ@B-s%$|y#DRb^Q0SIMZVUu)VuMNDH?zwY2`$blN@b3tYa@~cip z-pMm^fpI0BryS&0yD#GWDjAGl^CYA4E5Zmw-|G0)%1~Zowb-$$OyzSDkx{?GLl}77KxK8D-=mzpDBZJXalfMiDSB zrHlgPSDhU0!tep(63Xa$!ttw}`z~Bb{VM(nH_AE6ONB{#NCDycUvC)wNg}T#I@! zqg>Y_lCMFW-l8A6nAYG!`-4u#kK!4AV9@89%wptkRmR8HUT2;$6c`uLI=sl=c3;Q& zTQV4bmq|wD`-Bk~JKpiPmC?M$=y}15?JWNg%HLi1c^L-t(wvOh%s~F$rQz?cJfj>K z%_t)e`CI4SXg8j5BQP$cj2z@|RsVy}q3%3mI4~}tjC|y8ot!_BXN&;G`IHej>iFBv zmEXTa{f+CG%riy;qbX$+AiwJ5{OLSn6fl}lMkeyBPTw_$XWRsg#*|Tr{Hl}l=ktuw zz-UAnMaX|T8GHfHxEUDqxg*nu{HMy`c+D5`i~uki&^oe_|Lnet^WP%DVEi{mGAh>+ zM&RXu<3B4yd5x$=XIXr~!-ewSqx`&#g?Xt*#%!h||LxZB-x8iN4j6SQBNzEk=ica2 zo-rO6=TU|i`A^lK;B)9Po^cB>>QF`=@}Eu)f1GECf4L#@Ms3P?`Jm%JJD1H}qxRo2 zo-q*^wJ0MW`A;W@yD)AAMor4dK>pL|iEz@Jo*|wj7wb`jG76FZ zR2deZS6g|;WMI(ej?5zDKb?%Zoo7sujLJW09a+eKc3;H#Pcj()iKjvZL*7T0S=M@Y zM&RHm$A4A^@f!P=oIC&Rf=GLc{H zzJ>FvSJc7yReaZ8tjFVo5$HVJ@vD__yvB>m&YfTL`MJLz#(aQ`*-S-#-K*i(0-o^z zF!oc17x`7^-en=r5Z}=gbN@SKWFfz*`UiYX7x9c)z}QC_ImoZ7oQ%CRUofibr3Zpu zlJ9D8^U?yo26!I1axbl+%WlWtcJ4d>O|`!l@(j5DTDgZZa*@Ava`>Y>1HLC-xtlW5 zkY9EBA{WLSSnpkwk%#=MlfxJDbqJk^^L8g?G7;ry_X% z$ajjkoj;{~4GW=$t+a+Lv_ClaMrjS$-8b_LaYsj-KU*jx1MLq^f2C%O;~9?vV>4xB zqy53@BPau}#RPsWLVj;+cyKM`J4M{~hlzX*i=l=JT0`k?&i-KM)=ls1R9?%s@(j^k zinaKaGQ4PiaQYNFPk6m2@r-gMa`JZGad)V z2Fl1q`-7A5)r=`TL!?o$9`v~>GY|RO$@prInB?L0&5R$_hsOBtESug<+! 
z_49(Q590*p^6BNO>gm6LtJ#g_L)BSjrm&HAf?`BJ`9 z#4YPb@$)235#hd%X$`A4IexWs*{l!Mex1TIUIoTSl#zw}s>SWlNJmU>u zyhrOuL4LLS7S6Ad!T9yxz!*&!fgO2{U#*PeHI4|YRmUfkU+41k@+OS=T{31f0r~ZS zhF_QPjJJTXjxy4bU!8leYQHYy8E*sQ9m+^WepU4k_-*bb0mG6TH)xZDKiBq$p62Ih9n8^NbdG-b+3~lXE6YDs z`}-N5@h&jlq>N1DZ=Ia~EYJ8qVEmgh5|O`k`mW79<2_)!K^a-d-#R&e8_#$j7_U=C zHuASl26th601W!vl<7tO*2&=8`8xgsjMr!#$;jV!-^Ka+H^E^1{UI=h5JsSh*YUTN z(Y(gzQnc0Z3FYq{{JeYwV}6y4+4LZPAJp*oZl3WmFxF5;8uGW!z0tiq;}c-KLK!K@ z->UuxyUB&|DKK89jCAC0ot*zWU&m*_SWOuxe{}q3=e~Yls{MC>XM7Hfmnb6x`A?Pe z@mw9`8D9Y7MaoD({?qBZTo_*hV-;m&BLC^+@I!nZUjbt!Wn>}$>15=?JmYI%(C4Pi zY~(+kj2v0X-aq>W7|+u>l92!GzKHW*v|up)`xY2p!U#lXIR3LTl-GD#bOqJ%3FW`8 z{JeYzV}6#5*^Ed2JEY;iZam|AU_3(^smOmi_b$8hj30pUG-V_s|Ec;Dd`BxVo9FFIzH_uoPjOCQ! zLH^U}i*Dc* z2?o=@!!tn@a-T-;;y4iOujRWqX1lzLLmt1M;K{GQ{68e3Pi=)77SbAGzjFL)=d!~; zsQtQ_XKVw;0?J53e$~mzE{yHKm`@q;$getm%M!kh-+(cXGSZP>b#n4jp0NWMk5EPi z@~cjUeT--91O|QX$jn53)yc3fj9tK(L+eODezp4+&aaP)IvBt121X2F1a41o{Ay(! zuaUh@p8RM36Uwj4`MKW%V}6*7*^EVgJ)+@P7sg&-JVY7E$gf)WF8Mn40b>?rBqG16 z`UmXS6+Gj2U_3|}Dafy?oa_rOwe+iGRMoFxwS)c>@8WRt>o0r_`=N#hXbq!2bNp)O zzR%aI{koB79011sl#z=3s*}Sv@r;AOxQ{a8kY9EBqF;H&Az<7~8EMF`Iyu~haTpl) zP)0iPt4>C);OjU74EkJSL z)*#>a;a0;=zJ`-f!*p81ypJ4z+qv?|jcR}I;u)uaF^w`(kiS)Z1l~(ikFz=dG%%)8 zMlABTPG6V7GyVj|6v{|N{?^I)nJhz;A)n`%Oc`m&-#QsQi)YjT27Ru{Oh^9K$>7;M zBMcamXdUs$-*(@{`P(ZPYJZ=u35<4x5%^+&<8LdYd5wDFyFS(N3FYq`eqL(9m?x4k zn}d+Qk7@WjmuJ)l#stbpME=&fH=4&Y#A9jVJiUc7Jjmaw{s&*v`8?x1V2r1XB;;3} zobSS@3yg7;@y7d(|Loj1b+g)kg?t_LfH9Ubl9B&ZIUmne5znX(j4_lk82L}9@AC1C z2EYhVMhfzuP7W{T84ZDPGi9VA|LJ7p5}wfr81%U#GY$DqCnJB#Ga3WqCR#@v@}J!o zasK;4Fc|+e0Y)3b2poxV{AXn-uTdeslUp61Q2zUhpO>aE=8pLYH|oN;02sq5BOdur)t}&N`dhw^3xRPXWh5g1>E!V5c}6o}lvBp$b&mh+ z+?2Il?Y|#+Msr{cql_fvKUGe~bM+I?XaS5e${2+Fr_&d?FfIbdP|8R~{?o~^>-job z0>e)kDae018S`hJaWOFHb30}#@}Ew|+`uzh0i%@G5sUn1_Z6J~HVOvgzt+HLN*ICG z*E{~RGKklBLp(WA9iLGC+r-aH8yIsj8M8S6`R}-f|9;~cmjJ^@86M<6oqLyep5Xee z)0YCHh%(}k|5W+j7hDM0zuzYqRqcHz1$$rlP7$}>_W{0!%baSkY|{{ 
zD4>jbZ#jOob6LbLwO?oPjLU(MPZ^2GuR1yTA)avsF!Cs4Ao8nD-|{fexDpt-l#zt| zs*{sl7*_!!hcc3pUv)C<5w%=c#YZONvP`hg!1bWeqP$am@~ZSXG zUXt$=ar4qEd=2fPh74LmJo2~d-YCvXYk0=Bz(}WzSmbY2e^LcT2VkU8h6njomBaB` z)c%8Ai;&L`d>LE|`7Vx7-`~Q=ulF~O|7-C0@?8y~j*sW4fjGYU`GnIQVUAMi97VqF z><@Nst+P+PKQ!bS;lN0tj0Chl==2dTj0j*PQ^o+aKdAaTycW&)wFr4X|Hj~2$agik zU3VrwPo1EKBw9lv+JAKVly*EL5*Ue;k%aaiogShC&xisBeJ;yPM*ELW57CilbOwfp z)-ed}KX%{9?LXmy!R$X>B;!~mVFb#%I{S~6F~$31#FLuU@d>s6bmHeF8s;UAjM?mm z_Mbl#`ww=83!^JAVksjI?GHNlUL*NBx&dP_Wei69gQ|bSb+|CP17i?n#H0N|r%#FE z>*xWDfs~Q;s^eEXw{AM1_Ujm)(GwU0D8qyNs?$f@!ZUgSqd#TzM}F1m8z=IN>wwXZ zG7^ygboz)%Jfk--`cg(B@}Ew|cVS!)4Eo%ZnS}hOlkq3>b%=NpO)-e$I&+h9u z|4kJP#(#YzGLF}1BmSjBb$mkkRgRhI7ZYG!qR5!d z806Pe8h*W$XCwk6k}?J(zpC!-;_LY`o{zq(W8V=*V10YXe^$ov8b>!*hyASQU;hUhpl~Mu literal 0 HcmV?d00001 diff --git a/tests/cfgs/default/result/ethernet_ip-cip.pcap.out b/tests/cfgs/default/result/ethernet_ip-cip.pcap.out new file mode 100644 index 000000000..821bc1ea5 --- /dev/null +++ b/tests/cfgs/default/result/ethernet_ip-cip.pcap.out 
@@ -0,0 +1,37 @@ +DPI Packets (TCP): 2 (1.00 pkts/flow) +Confidence DPI : 2 (flows) +Num dissector calls: 2 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 4/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) +Hash malicious ja4: 0/0 (search/found) +Hash malicious sha1: 0/0 (search/found) +Hash TCP fingerprints: 0/0 (search/found) +Hash public domain suffix: 0/0 (search/found) +Hash ja4 custom protos: 0/0 (search/found) +Hash fp custom protos: 0/0 (search/found) +Hash url custom protos: 0/0 (search/found) + +EthernetIP 268 46394 2 + +Acceptable 268 46394 2 + +Network 268 46394 2 + + 1 TCP 192.168.10.105:3033 <-> 192.168.10.120:44818 [proto: 278/EthernetIP][Stack: EthernetIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 278/EthernetIP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][134 pkts/21062 bytes <-> 133 pkts/25222 bytes][Goodput ratio: 66/72][20.01 sec][bytes ratio: -0.090 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/4 154/151 508/505 221/220][Pkt Len c2s/s2c min/avg/max/stddev: 110/110 157/190 264/347 71/104][PLAIN TEXT (00 Eastern Time )][Plen Bins: 0,61,0,9,0,0,15,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.100.90.51:37844 -> 10.100.40.11:44818 [VLAN: 90][proto: 278/EthernetIP][Stack: EthernetIP][IP: 
0/Unknown][ClearText][Confidence: DPI][FPC: 278/EthernetIP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 47/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (pycomm)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ethernet_ip-cip_io.pcapng.out b/tests/cfgs/default/result/ethernet_ip-cip_io.pcapng.out new file mode 100644 index 000000000..cb80702bb --- /dev/null +++ b/tests/cfgs/default/result/ethernet_ip-cip_io.pcapng.out 
@@ -0,0 +1,36 @@ +DPI Packets (UDP): 1 (1.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 1 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 2/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) +Hash malicious ja4: 0/0 (search/found) +Hash malicious sha1: 0/0 (search/found) +Hash TCP fingerprints: 0/0 (search/found) +Hash public domain suffix: 0/0 (search/found) +Hash ja4 custom protos: 0/0 (search/found) +Hash fp custom protos: 0/0 (search/found) +Hash url custom protos: 0/0 (search/found) + +CIP 398 28690 1 + +Acceptable 398 28690 1 + +IoT-Scada 398 28690 1 + + 1 UDP 192.168.1.24:2222 <-> 192.168.1.22:2222 [proto: 393/CIP][Stack: CIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 393/CIP, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][Breed: Acceptable][368 pkts/26830 bytes <-> 30 pkts/1860 bytes][Goodput ratio: 42/32][0.00 sec][bytes ratio: 0.870 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/62 73/62 148/62 23/0][Plen Bins: 92,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] From b7ef41e09149c58e7799f3648c34b858274d7b0a Mon Sep 17 00:00:00 2001 
From: Ivan Nardi Date: Sun, 30 Nov 2025 14:49:14 +0100 Subject: [PATCH 4/5] Revert "fuzz: temporary hack for introspector builds (#3041)" This reverts commit 16916fa8bb75e6c7c23c370f437cca4f1160dc96. --- tests/ossfuzz.sh | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/tests/ossfuzz.sh b/tests/ossfuzz.sh index 2d9af778b..fa045e13f 100644 --- a/tests/ossfuzz.sh +++ b/tests/ossfuzz.sh @@ -48,15 +48,7 @@ cd ndpi ./autogen.sh && AR=llvm-ar RANLIB=llvm-ranlib LDFLAGS="-L/usr/local/lib -lpcap" ADDITIONAL_INCS="-I/usr/local/include/json-c/" ADDITIONAL_LIBS="-L/usr/local/lib -ljson-c" ./configure --disable-shared --enable-fuzztargets --enable-tls-sigs --with-only-libndpi make -j$(nproc) # Copy fuzzers -# TEMPORARY HACK for #14297: let's check if introspector job failed because -# we have too many fuzzers... -if [[ "$SANITIZER" != "introspector" ]]; then - ls fuzz/fuzz* | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done -else - ls fuzz/fuzz_ndpi_reader* | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done - ls fuzz/fuzz_config | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done - ls fuzz/fuzz_serialization | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done -fi +ls fuzz/fuzz* | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done # Copy dictionaries cp fuzz/*.dict "$OUT"/ # Copy seed corpus From 5cae544a40417a20ef15fa6fd77ad1c34415003e Mon Sep 17 00:00:00 2001 
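Review bot: The restored copy line parses `ls` output through `grep -v "\."` and `read`, which breaks on filenames with whitespace and hides a failing `cp` inside the pipeline; a glob loop avoids both, e.g. `for i in fuzz/fuzz*; do case "$i" in *.*) ;; *) cp "$i" "$OUT"/ ;; esac; done`. Whether the script runs under `set -e`/`pipefail` is outside the hunk, so the error-hiding part is inferred.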
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Sun, 30 Nov 2025 14:52:22 +0000 Subject: [PATCH 5/5] s7comm: small fixes and extend tests (#3046) --- fuzz/fuzz_ndpi_reader.c | 2 +- src/lib/protocols/s7comm.c | 11 +++++- tests/cfgs/default/pcap/s7comm.pcap | Bin 6164 -> 25924 bytes tests/cfgs/default/result/s7comm.pcap.out | 25 +++++++------ tests/cfgs/default/result/s7comm2.pcap.out | 36 +++++++++++++++++++ tests/cfgs/monitoring/config.txt | 2 +- tests/cfgs/monitoring/result/s7comm.pcap.out | 25 +++++++------ 7 files changed, 76 insertions(+), 25 deletions(-) create mode 100644 tests/cfgs/default/result/s7comm2.pcap.out diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c index e90e1706b..d7e5de13f 100644 --- a/fuzz/fuzz_ndpi_reader.c +++ b/fuzz/fuzz_ndpi_reader.c @@ -143,7 +143,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { assert(ndpi_set_config(workflow->ndpi_struct, "tls", "metadata.ja4r_fingerprint", "1") == NDPI_CFG_OK); assert(ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics", "0x07") == NDPI_CFG_OK); assert(ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics.max_packets_extra_dissection", "40") == NDPI_CFG_OK); - assert(ndpi_set_config(workflow->ndpi_struct, "stun", "monitoring", "1") == NDPI_CFG_OK); + assert(ndpi_set_config(workflow->ndpi_struct, "all", "monitoring", "1") == NDPI_CFG_OK); assert(ndpi_set_config(workflow->ndpi_struct, NULL, "dpi.address_cache_size", "8192") == NDPI_CFG_OK); assert(ndpi_set_config(workflow->ndpi_struct, NULL, "hostname_dns_check", "1") == NDPI_CFG_OK); diff --git a/src/lib/protocols/s7comm.c b/src/lib/protocols/s7comm.c index dc98fc836..a5e7a12e5 100644 --- a/src/lib/protocols/s7comm.c +++ b/src/lib/protocols/s7comm.c 
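Review bot: The changed line keeps the configuration call inside `assert()`, so the whole `ndpi_set_config(..., "all", "monitoring", "1")` statement disappears if the harness is ever built with NDEBUG and the fuzzer would silently run without monitoring; storing the result first, `int rc = ndpi_set_config(...); assert(rc == NDPI_CFG_OK);`, keeps the side effect unconditional. This is the pattern of the surrounding lines, so it is a style point rather than a regression, and the fuzz build presumably compiles with asserts enabled.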
@@ -55,12 +55,16 @@
 #define S7COMM_HEADER_PDU_REF 4 /* PDU reference (2 bytes) */
 #define S7COMM_HEADER_PARAM_LEN 6 /* Parameter length (2 bytes) */
 #define S7COMM_HEADER_DATA_LEN 8 /* Data length (2 bytes) */
+#define S7COMM_HEADER_ERR_CLASS 10 /* Error class (1 bytes); only in Ack or Ack-Data messages */
+#define S7COMM_HEADER_ERR_CODE 11 /* Error code (1 bytes); only in Ack or Ack-Data messages */
 #define S7COMM_HEADER_MIN_LEN 10 /* Minimum header length */
+#define S7COMM_HEADER_MIN_LEN_ACKS 12 /* Minimum header length (for Ack or Ack-Data messages) */
 
 /* For Ack_Data messages, there's an error code before parameters */
 #define S7COMM_ACK_DATA_ERROR_CODE 10 /* Error code (2 bytes, only in Ack_Data) */
 #define S7COMM_ACK_DATA_PARAM_START 12 /* Parameter start for Ack_Data */
 #define S7COMM_JOB_PARAM_START 10 /* Parameter start for Job */
+#define S7COMM_USERDATA_PARAM_START 10 /* Parameter start for Userdata */
 
 /* Helper function to parse S7Comm message and update statistics */
 static void ndpi_parse_s7comm_message(struct ndpi_detection_module_struct *ndpi_struct,
@@ -80,7 +84,12 @@ static void ndpi_parse_s7comm_message(struct ndpi_detection_module_struct *ndpi_
 flow->monit = ndpi_calloc(1, sizeof(struct ndpi_metadata_monitoring));
 
 msg_type = s7comm_header[S7COMM_HEADER_MSG_TYPE];
- param_len = get_u_int16_t(s7comm_header, S7COMM_HEADER_PARAM_LEN);
+ param_len = ntohs(get_u_int16_t(s7comm_header, S7COMM_HEADER_PARAM_LEN));
+
+ /* Ack and Ack_data header is longer */
+ if((msg_type == S7COMM_MSG_ACK || msg_type == S7COMM_MSG_ACK_DATA) &&
+ s7comm_len < S7COMM_HEADER_MIN_LEN_ACKS)
+ return;
 
 NDPI_LOG_DBG2(ndpi_struct, "S7Comm msg_type=0x%02x, param_len=%u\n", msg_type, param_len);
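Review bot: `S7COMM_HEADER_ERR_CLASS` (10) and `S7COMM_HEADER_ERR_CODE` (11) cover the same two header bytes as the existing `S7COMM_ACK_DATA_ERROR_CODE` (10), so the field now has two names and two contradictory comments — the new ones say it is present in Ack and Ack-Data, the old one says "only in Ack_Data". Keep a single family of names: either drop `S7COMM_ACK_DATA_ERROR_CODE` or align its comment, e.g. `/* Error class + error code (2 bytes); only in Ack or Ack_Data */`, and change the two new "(1 bytes)" comments to `(1 byte)`. `S7COMM_USERDATA_PARAM_START` reuses the value of `S7COMM_JOB_PARAM_START`, which reads as intended (a UserData PDU has the short 10-byte header), but a comment such as `/* UserData has no error class/code, so parameters follow the 10-byte header */` would record why the two values coincide. The `ndpi_parse_s7comm_message` signature at the end of the hunk continues outside it.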
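Review bot: The new Ack/Ack_Data length guard sits after the `flow->monit = ndpi_calloc(...)` context line, so a truncated Ack PDU allocates the monitoring block and then returns without recording anything; the guard needs only `msg_type` and `s7comm_len`, so it could move up beside the existing `S7COMM_HEADER_MIN_LEN` check so that all length validation precedes the allocation (whether the `ndpi_calloc` result is checked is not visible in this hunk). With `ntohs()` applied, `param_len` now carries the real parameter length, so any later use of it as an offset into `s7comm_header` must be bounded by `s7comm_len`, e.g. `if(param_start + param_len > s7comm_len) return;` with `param_start` being the applicable `*_PARAM_START` value; the parameter parsing is outside this hunk, so treat this as a check to confirm rather than a defect seen here. The comment `/* Ack and Ack_data header is longer */` would be more useful as `/* Ack and Ack_Data carry error class/code at offsets 10-11, so they need S7COMM_HEADER_MIN_LEN_ACKS bytes */`. The body of `ndpi_parse_s7comm_message` begins before and continues after this hunk.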
diff --git a/tests/cfgs/default/pcap/s7comm.pcap b/tests/cfgs/default/pcap/s7comm.pcap index a524d64f1651b312b61329f9b380f30af056b8e8..5046889d1fe0fc60302bb50c0786087103738bb3 100644 GIT binary patch literal 25924 zcmd^H3s_ZE+Ftu`xQ2>~il~L6i5AL1@)njTsD!{#yc=FpH1l%2m6yheMAI&onO07g zqBVn2sVSme%*tuZ(#%V#m7z6_PLr1@uPFTQ_no~Cd#|(IWKYlk%sjJn!9E9A@Atm% zx2}6bSdAKC{}MuECf^dR;d7;4H1W9TF>XR$%&4h(Bd6z$j=5)6%*4E@W5-Pz+c_qT zzT)Z})22<^>3P$pPis4Q)X2$gr*#&h@niEQ+@91fcmPv1P*QCV4p<{i$!O`7I(d=T}^ z8~5dZvdY^&;fz3~LO7d&a|f=edJ(*6UYxkagp(CV7=$IpICJ-Rm_b-=Cf7-w9CfY= z$J;KoKbqP?q4pPjwY4-A*Hry@#Kr!bdF)Ymv;oFgcSL37W3A}NsC>EQ?zIjW{fg`}NT?-wO zzH9oqv*Di*7GX|6r9zmsj&3dOjcclYy4?}?H0#z-(QPbrOLa%34tZvyj=5K8kqH7= z5|%IsYbLdeLRdHcb8G29TvPSqmlFF6^V_KKONEAW+)c_Er+!E$kSK&AZ9CN`jZ;>&2DG zS{a&@x*GHT{nJ}Zk>Ql({#@I}o@1^%6t0w$&x7lpf?pUj*l|Y8m@w_tInmR1q8VzR zxD7(3LYjWE;qB7)xTfmIEiUdE<`%DTdmh|IyCYINr!Ax(qxPuXd{ipb?oTCem*(P{ zs-IUqW6yK^#Y+66W&Fp=IR2Y-uh2wI7^T$-i*N|1(B|QdBOiC_IR4VMWL)N>5DlSNyX-ux;P}@l@joWxKlWC&p5?>^EeksG$|2zAqpF^LnX}8zvuBxC4GUgt-BI1o zJ&MkS|JUi+%7MG=Jga2RZz-JDg7ZFjwzQzg=h>7=qZh4sEcrR`vhwW1{7>yXdycua zQn>AdXY1V&-A|=up;=4Met7Y)jc3gT$6u(#zh1_FY-zQg9iMvoy#|q8mIFT@RrT!K zmk!%`_B`{VIny|A60gtT*=GxX_${8DedVx?XU#R{yhY*s891MYXEO@s`aFB@_8zSZ zgKBxe%gVFjonP5`ww$@ORJff6w=dw?&NLUAwe)P%xf6DtIXM26O8j5Q_>WDh*0ZKv zlcI|gXLkX9KC0^3wDTwIJo^*#3bo*M4xX)D`0;P?Y)JVDJI?}`^Jazfx&0kxhQqTV z1$X;A`?G7#yC)_spATMEp1m9Kqn&3jFt-+FZZpH-*%f%UIxP~-T6*^6ofqvq3*z`+ zP~yKL<3HA`TF<`y=)oz6#you=@bghs&lYvPXy@4q<`wMEYjz`eR$F|E6*kmx@_m!i_9%n;nwPK*z9KT z><_6I(5$6rlU4+8x%L{Qc?ie9T#3J#jQ?1(YCTK%>!wp<*CdVrem<(|*+VY|Z?Rc} zyu`c$EqJBCv)qMG{T9y#tO?$7?R8`GQ0BZ|;hX}_J>XePL4?n<8wy(7mDu%c4e+w^ zY|g6CEjH`MmCUWF!mS59>jlpSq#i-DmYx;;RNv0CaE^bO5`Qllf7z94J^QL%pGMP~ zo_GNG`KYRAD^Jz8^K2FK3b5cc7M^ujIQ6%9cH-yycAnK>&aWw)$Aa@Hcos1CpFYph z+6}yO-+^bb5VQ0w{zR0WXNAn|CWYH5cs2>1C8WNKW-UE?tIN%Hp4H^|pHbqUB;zmp zqFT?2U+cKJWA8$Iqt7$iA5sa|0>wX$I*NPanyP5jDE7zO7yt0qykRN4cfTV(gYbm_ zei&+8#9%RIaq2g#g`+&e9d-Fkf!u?Z;irT3eXoXnZx~@vei*U-_)`^@7sZR{#S&P< 
z-xw5iAK?(57y~rm0B?&sDnbOUVXpOS?*&o-_Pb%;{jTPaSd)QAg?QCD#KZ@j^la>C<5T{N4_p#KcDfIac`ZuXw|J|K!_3vxhew?p;v;Kj8 z`ir_?N&SuTDv49moBs=P0*dS6HB~kLk#_q?{|2$&i-gT%VTE>2$|y`m5fKqi z7~pl3B{zMr>WkCH+v?xnQlBZpakaKP>f&i@{pFb?jkSN85Kx?hD5(0)MQQN^EZd*y zYu|gm#^+m@i|{`LoM|rVu8A;elCUVJmeLCp!VG&dpm-XtsjB@@+jnY zogatJ-;mA@?-(ZY8JNF^&ZUUSM(3fHI(!2ic0%Wl)$6?Spsmh#TeknbuYI%57%6^D zK2Nw{tMiwvb7w{8or_by)mUfmd7ac5n7@b4hY^#F&bd}Pe2e8-MW8$CLbe1^ocNM z@lae-^&6uz#Ua+Zk6G)AKxo~Pw9duW2CJSH`WOw|a3J#-ja#@Vv`-OQvj9Pu>R6n7 zgVRpa;g+0Rf^%zV`h~ToMs9iGRowhE&5R#m*?t>e`yZINg_EY?UQGjtS4cui0*b4f zkDJlY`)_pm_8xw^ri;U@Yd=NT*3dPFbiEJTVCX9Me!vbV9ck{PMdrRxo^uIL)%0uN z+T`g-OU^mqoB>TstTi?AdbL>Km-5+|vTrY8^+|ypH3Q`fuCQj_GWx|0qj+9)vzCp#NxV{TIS# zD%4-6-tH_Oi)*TW`VWpDZQ1@@U;BGl2N(5M^v{~SBZ$^FCZWUijCR*>A+c|x>`q8Z zNDzcic}C|%R49%ina<+7a81=OzmvsR?8k7$j}`D^Bl%J1VU8n`;y^+p4jwI{y%=gv ze+w*|oX)f4yb+w&LsPf4rp9sNUxS>*gTaHUAD0aAHFL>UxU2`4w}{J|kOv%MbxlE} z4xB+#RH`(^3#&2k(ZROd##nND3*7dDTf8+lH;d`@=|{95kJnVye9>--A8XnE`?CFc zSVDu_1>GmK;Sk5sjwX(Z^2w7mEijCn(|#eYj;DK$xTVDVQ8cD^w8ixCzqXK$l#9k( z=|90XSH9s~$x?D<|Kij#K7-wmXUY{wdp)`GIqmf=jc;yiLCtomH}0qxu5 z$~epR-;?btxdLv6T=}of0o%X>HD2$~*^gDOtb52dSB`S7WGcCGesSut%`~p8?`Fys zoZnneuC&Ux&6WGCygas9I4T>uqt5@sI#-HxF=+h1AMG!|YpUwFB4)*pw`~7iU;C$+ z8_&l`6mWBhWF9p;igKqG5ssesHxcNhu?1E1?Kd!;fJ8q$V%jS+U8JV;OG$-5n%Mp= ze}O(wd}@C!+Ggtkei(bU-ewOf8!k>gUXwgnx5MN?Fnhp58=$Hk+Y{ci^YkvcClXEb*k}gEhO--5Y`ENk!_%{J((pcEQw&DF!_HRm z^_!=YMHzcJMDa2iUiKp|Yq?B(5d-r@6q4^`;897xB~ZNnz&cMhuBnQePwc()37+J8 zKYa<`YfH)cg7`K&^vK~Z1*rRXhKn(--Kz$P!icGK|EtCY#*+8H&_sy58>RW*|02Ba zA71CdqF+Ae2_!En<8`m_5Vv|=2#YYq7$5=*n0!w8LkZ)_`(Iu>iDoY#`%@~%^sFzL<7W!TDZpJs_rGSpz?gE60x^}fJfDfnJ<1v2P$Ap_udMTYhHI)` zRSjIUX9!2LRqOdmIOTF1M%cL_XsyfqvBz2Z+KhpW}o$EZl`JA)2 zN@wk+iYct~aI?;}Z-&miM*lvAae3_roq-!Jj!2yk!fxpN1+Vj(;RsmE>Ci4Ap>0~f z#Ds**m}%2TP9Nu)G#p*dR~+u%-A!-!z9KI$6I4^2*;B{i*A7Nbh{+k3H!*M0w3xIh z_m7*5tLger2Ijy?TS5jhv%NT+8TY|g0`+E~2#+}tR)$I?7zUrILjXtJ- zYU|@+_Hno3<3>?frwQ(nw0$PS+|}E z>Gw778yx;MzUF-!$3xW@B$nEL2LEWQ`w`atQ$_a!(0vEaI2R61GU@L0>pz+cVoTkN 
z^a!c{G^t$YS%BA6{dAvIf!i7wlLHjpcR+VMs~8~$4`Ez+<^bHPGY9q?x+gF;ojK4` z3K60d`$ost69Ug2)5GxlMDeNmj0swAH;#Y9`h2YDb50c2tp|NNjICwT2Wv59d~r4h zrqpMt9ues?BYM3@-rw=lC$9os68h9P>r=O$Yjb2h!r(n;2KlX~6wYoYUkOOFEzStoP(VbE1f z`u#))?k9%eeqtu>C)V=i+aHKC3dMB8U)Fo%*^!?P8Cl=64%?M{>n92$aXVy-vW^B1W4rTZo zy{!lPo)7DVxqu4c&Dgcx(-N<#s$-4TumWo&tQm6^t{LFEn7IBO11>n8rF_F@;5qnM zPv8az&atql^Uh6&@(Hg~QxX5X^Yq00I=9kGl*Nq$A~f2G-sEs#P1!V%es@q?DUxx* z)pB~hYps2%UGaEZ{|z5=`lY#JI>f~KmY@2C5TAeQ>e~y^p^$zwR~UV3w#U}DQ)7rc1k*V5^)nDi9{dpE!l{6mULEoXh)FVI!x2 zeLdq(&5R9pV9co7uPe^Wj@8`F7|7#*^a@@a)E)6m6qjUo2;CYZY#>;I$n71Te?|}E#V{1&F0vL0O?ONauu^a9BVm|l90Sec5z;!rrJ@z)^$-W4@|JAx&O_jwYIYYw$XJn@PTX*^TjJUj&|A zU;OcYLw``uHZ!s{=C(%RHWS?52e(ZxEMY9!7ts-~r!S75Z@~8Ni*uQ0Gll2-;Q0da zyl9>m0en4uaUQU*?P<1ydB3LcegV9{2k)nkWtcpzTYX>bw#>FK7I0t8QMi5&uA7K! znR#9W-v4S}JpH__ZvpIEvEth%Q5ba)XE>{lC767RtiCTk^0IAToX0uZ*6dr2K7lCKj7h_XOZ05!6Am;Xx!fiLWodmZhUg>P=i}lpL*pW7>raiK8|FQJ05>Gm& zC93MaQQTfJ-;(D^@H|62cO7Qzy0mX}2mx%AeORjc_8-&vE$?2ZN1qa#Gm-3I%Q5E+ zcwPa|SxP?DZFz?>@8=ZWN#NZJ zyyI&utKyB`69wr+NFe>45j;UD1V+w$>_wcjPM+@uynIyRZOrYC^GiIv@g7w_@9(I< z{0!c$6yCkSdnobVdw}ul>t`as=igHa)G7%>)wtKf5>J1;Pu0)kp4nl{Rq4ZPhJx!b zaBa~06l2N1snU?RdjF;?@$8AqDF88Sb zoLdk_tS<4lRG=&|@%`RHV@OVge04rw;<rPMqHX z>qF8NjYiYob($U+2w$BvlfzfRe@h0}4;!xMdas*Md}x8br!ieO#x(*KuOBu4JH5^P z4}9`p)yvy@q4(sq{AnD1MVNo`^fr30Vwd?JP)QTYgUJ*E3TZRt_@EP$AhljFLxn7cD%{jMC&;RZ5;IQM_?fS(pW$M;SgRCwT(h}^Z!!f!5}TD`gt)U zJDj{|Ho@%0%U$3Feuv~j*@eF|UbgNo4u%d&SWpeghFvfZ7T7s!!=bu zT?#86CtV^xRCHMeU7jFaCNAbUXX&~iP6z!3FJ~bB=1=}>M@0?k9(|_wRHx}Z)oI*6 ziJ)kVh2O){*;I&!+TU+IW*Ae|^>cc51nd5+qWcq~FdEOzTo{}6GxOmw6-k5~MkK8m zG}JxZ-8Z{u-;_+>JtgCq_U8E#yFJ1aoL?=?I!4!oj@XmnclVxST)9U8F3=fSj%hfQ z;zFK1e${qeQkywGqi}p39Gih-&Z9|;CHDyEvskLfd0W4V-=f8{EScG1*U! 
zTu^Gq^GW8Z?AN24f#+W4Il{yf*vu2?lBe-((!H>>YJT+hGLm^NQF!hJ&-UPXXGI^A zm)M!ZOCL`WIJ{>{-)@#(-mu1&<5SGBx#DGeaOCsBeXUI#fva-Nho)4>%gR5O+O0wA zF~`RhjyMmDz6%_0X_d@ayaoXZ&X=(i@^N%@k1=Geu$+reAGGDVn7JzBV)R|E-LFKE zpPzf@N13<4SGmgEc|A5rwAf#iaTj<~H5PtWD7ieNtLPf^kM!4S3kTJQonlPm!W|3g zJ6Ad8ia|(8hqLlarz0e+`KXN_)B9RL0G59;cZ^trZLx$PtmDfhmKgJ}vwy82`+)c8 zsyhByglERWD943(y$mc`>rgco=9N_5n|Zko(?kdk@j82vqQNS2w#=tyZzjhhg!E=bdzo(#4-y>Wjw-La-Hn;JY z3HO0D5?9x8KXhDa!EKkfZI#>cgLd4;movr_mKgrrb}={nZN%!iodE8&xs_+JrdbkK z_iZJ7J892Nj@9Jb@vn+9hC)-S#=^d3mS;0Yk|hRl8{_lsQ{)D5llQRDScrU5PAl_` z)%iLIVR!htC?glIsTvDoXOGAECcJw@V(Z?Wgm+u=3Hx3X_NTzMeohbQRb$IM9f&r2Suk>+#=1lhSO}Y-0V|C6KWjuq|RE>rE`26ve+{ZIz4Bi~ejc#1{*G3$}OTHYV z81?~JKKq8ts%PK0W%O~wvu||J^(&rzqgYkl%C6YzmczQm$(X&m{k0Kv8?WegK#y7W zO+=*V#?PWj-B#%Wk#3i+7G*qy*Hn##b(=Clux=w{47zUPp<6P?@R(0Gis1mn>Z12e z#2}whn&<8J(9QChxaJYgrp;SmFTDx@s2W8FthJjz`mshWWqi6u$f2_pS`R9XwKZXAh@F!f!AIpd9;h%;$Z1@K-{{=D*oqs>@U!(A+IF1(9<=Cb> zb#7AQkn7XruC>NRv{Lfevr!^-6>=7dh}68 zc(hsZi1b@q<&hC%T&gX`FvhsU5~DUe@}1LcD!w+xH?|lPf?3mNC5Eo)W@y?e-yfsc bnny&MEsx>Mql?7Qwdw?|N)@e$hmP@oEl`?A delta 896 zcmYLHO-NKx7`;=oaP!_czG?9FM&~)sH2P+WM-dS&(kvGb7iLh%P#RK$D+{7cQ3JUs ziw3;4i2|jP7D3`D1^q}Agf&4?LAXevUkq_!&_<(kzwZsb)jj7s=X~G2-+S>YaMewH zcs@C{P6WmOFDL>4w@&=tpFXaMPMkaCSTZ8_g2XuG6|ky=ZJ42SS}VA%&^(AY!7=5Y|C2}}MkP7*N!LOF^Nc1%6=9m^4R zc(cAEzkwYeK~Rqd~u=Sgg@1=9wcaruJFjxKHm0AuiDWYJq zbZ!k`!OW4=i|ax@ws4J&eMC%wP&2Hzc!q)v!GdYYeyf!PJ-f+qn!qCkx?&tW)DAEa zN)t{1rV3(IoP}iV8=Pw7zQZB57FY9Zs;P1 zb>^g6T-f$#kTYQEv2BM`cWzcxYUxY9YWhBcx*GVEViRon(!c{PmQYk1ZBOuPZ+Q)3 zG*P4m;{d8besj zir7KPc5w0#Mc`)N>N^lC;!^J$h*qh8wQVoS*v$F#P4z~ihXg8DH@ef6W BLtOv> diff --git a/tests/cfgs/default/result/s7comm.pcap.out b/tests/cfgs/default/result/s7comm.pcap.out index e0261a7ec..a49ea7df4 100644 --- a/tests/cfgs/default/result/s7comm.pcap.out +++ b/tests/cfgs/default/result/s7comm.pcap.out 
@@ -1,13 +1,13 @@
-DPI Packets (TCP): 3 (3.00 pkts/flow)
-Confidence DPI : 1 (flows)
-Num dissector calls: 189 (189.00 diss/flow)
+DPI Packets (TCP): 18 (4.50 pkts/flow)
+Confidence DPI : 4 (flows)
+Num dissector calls: 655 (163.75 diss/flow)
 LRU cache ookla: 0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun: 0/0/0 (insert/search/found)
 LRU cache tls_cert: 0/0/0 (insert/search/found)
 LRU cache mining: 0/0/0 (insert/search/found)
 LRU cache msteams: 0/0/0 (insert/search/found)
-LRU cache fpc_dns: 0/1/0 (insert/search/found)
+LRU cache fpc_dns: 0/3/0 (insert/search/found)
 Automa host: 0/0 (search/found)
 Automa domain: 0/0 (search/found)
 Automa tls cert: 0/0 (search/found)
@@ -15,22 +15,25 @@ Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) -Patricia risk: 0/0 (search/found) +Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 2/0 (search/found) +Patricia protocols: 8/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) Hash malicious ja4: 0/0 (search/found) Hash malicious sha1: 0/0 (search/found) -Hash TCP fingerprints: 0/0 (search/found) +Hash TCP fingerprints: 2/0 (search/found) Hash public domain suffix: 0/0 (search/found) Hash ja4 custom protos: 0/0 (search/found) Hash fp custom protos: 0/0 (search/found) Hash url custom protos: 0/0 (search/found) -S7Comm 55 5260 1 +S7Comm 193 19127 4 -Acceptable 55 5260 1 +Acceptable 193 19127 4 -IoT-Scada 55 5260 1 +IoT-Scada 193 19127 4 - 1 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 134.217.61.131:51212 <-> 134.217.61.211:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 249/S7Comm, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][Breed: Acceptable][32 pkts/2944 bytes <-> 32 pkts/4268 bytes][Goodput ratio: 41/59][0.55 sec][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 12/16 108/108 20/27][Pkt Len c2s/s2c min/avg/max/stddev: 79/73 92/133 249/301 30/81][PLAIN TEXT (ES7 315)][Plen Bins: 
40,43,3,1,3,1,1,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 172.17.0.2:33028 <-> 172.17.0.2:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: IoT-Scada/31][Breed: Acceptable][21 pkts/1825 bytes <-> 15 pkts/1993 bytes][Goodput ratio: 24/50][0.23 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 9/11 56/101 18/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/133 145/447 20/96][TCP Fingerprint: 2_64_33280_db1b9381215d/Unknown][PLAIN TEXT (ES7 315)][Plen Bins: 33,45,8,0,8,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.180:1117 <-> 192.168.1.11:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: IoT-Scada/31][Breed: Acceptable][20 pkts/1605 bytes <-> 18 pkts/1232 bytes][Goodput ratio: 22/20][7.11 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 381/372 1004/871 476/355][Pkt Len c2s/s2c min/avg/max/stddev: 68/54 80/68 93/83 11/14][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/s7comm2.pcap.out b/tests/cfgs/default/result/s7comm2.pcap.out
new file mode 100644
index 000000000..e0261a7ec
--- /dev/null
+++ b/tests/cfgs/default/result/s7comm2.pcap.out
@@ -0,0 +1,36 @@
+DPI Packets (TCP): 3 (3.00 pkts/flow)
+Confidence DPI : 1 (flows)
+Num dissector calls: 189 (189.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/1/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 2/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+Hash malicious ja4: 0/0 (search/found)
+Hash malicious sha1: 0/0 (search/found)
+Hash TCP fingerprints: 0/0 (search/found)
+Hash public domain suffix: 0/0 (search/found)
+Hash ja4 custom protos: 0/0 (search/found)
+Hash fp custom protos: 0/0 (search/found)
+Hash url custom protos: 0/0 (search/found)
+
+S7Comm 55 5260 1
+
+Acceptable 55 5260 1
+
+IoT-Scada 55 5260 1
+
+ 1 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/monitoring/config.txt b/tests/cfgs/monitoring/config.txt
index 6a90a966e..89c0b05ad 100644
--- a/tests/cfgs/monitoring/config.txt
+++ b/tests/cfgs/monitoring/config.txt
@@ -1 +1 @@
---cfg=packets_limit_per_flow,64 --cfg=stun,monitoring,1 --cfg=s7comm,monitoring,1 --cfg=stun,max_packets_extra_dissection,32 -U 0 -T 0
+--cfg=packets_limit_per_flow,64 --cfg=all,monitoring,1 --cfg=stun,max_packets_extra_dissection,32 -U 0 -T 0
diff --git a/tests/cfgs/monitoring/result/s7comm.pcap.out b/tests/cfgs/monitoring/result/s7comm.pcap.out
index c720f2563..f9ef3383a 100644
--- a/tests/cfgs/monitoring/result/s7comm.pcap.out
+++ b/tests/cfgs/monitoring/result/s7comm.pcap.out
@@ -1,13 +1,13 @@
-DPI Packets (TCP): 55 (55.00 pkts/flow)
-Confidence DPI : 1 (flows)
-Num dissector calls: 189 (189.00 diss/flow)
+DPI Packets (TCP): 193 (48.25 pkts/flow)
+Confidence DPI : 4 (flows)
+Num dissector calls: 655 (163.75 diss/flow)
 LRU cache ookla: 0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun: 0/0/0 (insert/search/found)
 LRU cache tls_cert: 0/0/0 (insert/search/found)
 LRU cache mining: 0/0/0 (insert/search/found)
 LRU cache msteams: 0/0/0 (insert/search/found)
-LRU cache fpc_dns: 0/1/0 (insert/search/found)
+LRU cache fpc_dns: 0/3/0 (insert/search/found)
 Automa host: 0/0 (search/found)
 Automa domain: 0/0 (search/found)
 Automa tls cert: 0/0 (search/found)
@@ -15,22 +15,25 @@ Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) -Patricia risk: 0/0 (search/found) +Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 2/0 (search/found) +Patricia protocols: 8/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) Hash malicious ja4: 0/0 (search/found) Hash malicious sha1: 0/0 (search/found) -Hash TCP fingerprints: 0/0 (search/found) +Hash TCP fingerprints: 2/0 (search/found) Hash public domain suffix: 0/0 (search/found) Hash ja4 custom protos: 0/0 (search/found) Hash fp custom protos: 0/0 (search/found) Hash url custom protos: 0/0 (search/found) -S7Comm 55 5260 1 +S7Comm 193 19127 4 -Acceptable 55 5260 1 +Acceptable 193 19127 4 -IoT-Scada 55 5260 1 +IoT-Scada 193 19127 4 - 1 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 55][DPI packets before monitoring: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 134.217.61.131:51212 <-> 134.217.61.211:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 249/S7Comm, Confidence: DPI][DPI packets: 64][DPI packets before monitoring: 1][cat: IoT-Scada/31][Breed: Acceptable][32 pkts/2944 bytes <-> 32 pkts/4268 bytes][Goodput ratio: 41/59][0.55 sec][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 12/16 108/108 20/27][Pkt Len c2s/s2c min/avg/max/stddev: 79/73 92/133 249/301 30/81][PLAIN TEXT (ES7 315)][Plen Bins: 
40,43,3,1,3,1,1,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.10:4185 <-> 192.168.1.40:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 55][DPI packets before monitoring: 3][cat: IoT-Scada/31][Breed: Acceptable][36 pkts/3146 bytes <-> 19 pkts/2114 bytes][Goodput ratio: 38/51][0.14 sec][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 3/6 8/12 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 61/74 87/111 301/275 54/44][PLAIN TEXT (TestHMI00040)][Plen Bins: 53,32,9,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 172.17.0.2:33028 <-> 172.17.0.2:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 36][DPI packets before monitoring: 8][cat: IoT-Scada/31][Breed: Acceptable][21 pkts/1825 bytes <-> 15 pkts/1993 bytes][Goodput ratio: 24/50][0.23 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 9/11 56/101 18/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/133 145/447 20/96][TCP Fingerprint: 2_64_33280_db1b9381215d/Unknown][PLAIN TEXT (ES7 315)][Plen Bins: 33,45,8,0,8,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.1.180:1117 <-> 192.168.1.11:102 [proto: 249/S7Comm][Stack: S7Comm][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 38][DPI packets before monitoring: 6][cat: IoT-Scada/31][Breed: Acceptable][20 pkts/1605 bytes <-> 18 pkts/1232 bytes][Goodput ratio: 22/20][7.11 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 381/372 1004/871 476/355][Pkt Len c2s/s2c min/avg/max/stddev: 68/54 80/68 93/83 11/14][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]