Add Kismet protocol detection. (#1710)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com> Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni <matzeton@googlemail.com> 2022-08-24 10:50:11 +0200
committer: GitHub <noreply@github.com> 2022-08-24 10:50:11 +0200
commit: 30730e95e5a270cb70dd5509fa6e481a7ed4e074 (patch)
tree: 4b989f674e6a6fe0c91519c736efd57206bf9113
parent: 93a80a1c4b31d0c8b23e92b7005f92597b42268b (diff)
76 files changed, 176 insertions, 71 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index bad450d34..4f63e2a0a 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -337,6 +337,7 @@ typedef enum {
   NDPI_PROTOCOL_ALICLOUD              = 306,
   NDPI_PROTOCOL_AVAST                 = 307,
   NDPI_PROTOCOL_TIVOCONNECT           = 308,
+  NDPI_PROTOCOL_KISMET                = 309,
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 98a860a24..4224e11cb 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -238,6 +238,7 @@ void init_softether_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 void init_activision_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_discord_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_tivoconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_kismet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 
 /* ndpi_main.c */
 extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port);
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 711b4187a..398eb6edf 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1966,6 +1966,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
                           "TiVoConnect", NDPI_PROTOCOL_CATEGORY_NETWORK,
                           ndpi_build_default_ports(ports_a, 2190, 0, 0, 0, 0) /* TCP */,
                           ndpi_build_default_ports(ports_b, 2190, 0, 0, 0, 0) /* UDP */);
+  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KISMET,
+                          "Kismet", NDPI_PROTOCOL_CATEGORY_NETWORK,
+                          ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+                          ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main.c"
@@ -4554,6 +4558,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
   /* TiVoConnect */
   init_tivoconnect_dissector(ndpi_str, &a, detection_bitmask);
 
+  /* Kismet */
+  init_kismet_dissector(ndpi_str, &a, detection_bitmask);
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main_init.c"
 #endif
diff --git a/src/lib/protocols/kismet.c b/src/lib/protocols/kismet.c
new file mode 100644
index 000000000..664b0cd3d
--- /dev/null
+++ b/src/lib/protocols/kismet.c
@@ -0,0 +1,72 @@
+/*
+ * kismet.c
+ *
+ * Copyright (C) 2022 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KISMET
+
+#include "ndpi_api.h"
+
+static void ndpi_int_kismet_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
+                                           struct ndpi_flow_struct * const flow)
+{
+  NDPI_LOG_INFO(ndpi_struct, "found kismet\n");
+  ndpi_set_detected_protocol(ndpi_struct, flow,
+                             NDPI_PROTOCOL_KISMET,
+                             NDPI_PROTOCOL_UNKNOWN,
+                             NDPI_CONFIDENCE_DPI);
+}
+
+void ndpi_search_kismet(struct ndpi_detection_module_struct *ndpi_struct,
+                        struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
+
+  NDPI_LOG_DBG(ndpi_struct, "search kismet\n");
+
+  if (packet->payload_packet_len < NDPI_STATICSTRING_LEN("*KISMET: "))
+  {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    return;
+  }
+
+  if (strncmp((char const *)packet->payload, "*KISMET: ", NDPI_STATICSTRING_LEN("*KISMET: ")) == 0)
+  {
+    ndpi_int_kismet_add_connection(ndpi_struct, flow);
+    return;
+  }
+
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+}
+
+void init_kismet_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+                           u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+  ndpi_set_bitmask_protocol_detection("kismet", ndpi_struct, detection_bitmask, *id,
+    NDPI_PROTOCOL_KISMET,
+    ndpi_search_kismet,
+    NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+    SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+    ADD_TO_DETECTION_BITMASK
+  );
+
+  *id += 1;
+}
diff --git a/tests/pcap/kismet.pcap b/tests/pcap/kismet.pcap
new file mode 100644
index 000000000..7f902e57c
--- /dev/null
+++ b/tests/pcap/kismet.pcap
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out
index 975868964..8dfaf6a65 100644
--- a/tests/result/1kxun.pcap.out
+++ b/tests/result/1kxun.pcap.out
@@ -6,7 +6,7 @@ Confidence Unknown          : 14 (flows)
 Confidence Match by port    : 5 (flows)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 177 (flows)
-Num dissector calls: 4689 (23.80 diss/flow)
+Num dissector calls: 4692 (23.82 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/443-chrome.pcap.out b/tests/result/443-chrome.pcap.out
index a70cb9595..e85eff3ce 100644
--- a/tests/result/443-chrome.pcap.out
+++ b/tests/result/443-chrome.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 123 (123.00 diss/flow)
+Num dissector calls: 124 (124.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/443-opvn.pcap.out b/tests/result/443-opvn.pcap.out
index db62cb987..dd45dc02a 100644
--- a/tests/result/443-opvn.pcap.out
+++ b/tests/result/443-opvn.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 124 (124.00 diss/flow)
+Num dissector calls: 125 (125.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out
index ed88a3354..179f6bba7 100644
--- a/tests/result/KakaoTalk_chat.pcap.out
+++ b/tests/result/KakaoTalk_chat.pcap.out
@@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Match by port    : 4 (flows)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 33 (flows)
-Num dissector calls: 619 (16.29 diss/flow)
+Num dissector calls: 621 (16.34 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out
index be897bfcd..e6f89c362 100644
--- a/tests/result/KakaoTalk_talk.pcap.out
+++ b/tests/result/KakaoTalk_talk.pcap.out
@@ -5,7 +5,7 @@ DPI Packets (UDP):	6	(1.20 pkts/flow)
 Confidence Match by port    : 4 (flows)
 Confidence Match by IP      : 5 (flows)
 Confidence DPI              : 11 (flows)
-Num dissector calls: 857 (42.85 diss/flow)
+Num dissector calls: 861 (43.05 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out
index 683f6f5e1..118bdd369 100644
--- a/tests/result/Oscar.pcap.out
+++ b/tests/result/Oscar.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	33	(33.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 337 (337.00 diss/flow)
+Num dissector calls: 338 (338.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out
index 016fc2143..8855da1c4 100644
--- a/tests/result/alexa-app.pcapng.out
+++ b/tests/result/alexa-app.pcapng.out
@@ -6,7 +6,7 @@ DPI Packets (other):	6	(1.00 pkts/flow)
 Confidence Match by port    : 5 (flows)
 Confidence Match by IP      : 9 (flows)
 Confidence DPI              : 146 (flows)
-Num dissector calls: 537 (3.36 diss/flow)
+Num dissector calls: 538 (3.36 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out
index b48f29331..97513c81f 100644
--- a/tests/result/amqp.pcap.out
+++ b/tests/result/amqp.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	9	(3.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 400 (133.33 diss/flow)
+Num dissector calls: 401 (133.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out
index 454691d48..994b23b03 100644
--- a/tests/result/anyconnect-vpn.pcap.out
+++ b/tests/result/anyconnect-vpn.pcap.out
@@ -7,7 +7,7 @@ Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 5 (flows)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 61 (flows)
-Num dissector calls: 922 (13.36 diss/flow)
+Num dissector calls: 923 (13.38 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/cloudflare-warp.pcap.out b/tests/result/cloudflare-warp.pcap.out
index f69777278..bedbe1dcf 100644
--- a/tests/result/cloudflare-warp.pcap.out
+++ b/tests/result/cloudflare-warp.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	4
 DPI Packets (TCP):	41	(5.12 pkts/flow)
 Confidence Match by IP      : 3 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 179 (22.38 diss/flow)
+Num dissector calls: 180 (22.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/emotet.pcap.out b/tests/result/emotet.pcap.out
index e87896e70..df149f905 100644
--- a/tests/result/emotet.pcap.out
+++ b/tests/result/emotet.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	48	(8.00 pkts/flow)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 199 (33.17 diss/flow)
+Num dissector calls: 200 (33.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/ftp-start-tls.pcap.out b/tests/result/ftp-start-tls.pcap.out
index cb7e406d2..5de12a0f0 100644
--- a/tests/result/ftp-start-tls.pcap.out
+++ b/tests/result/ftp-start-tls.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	10	(10.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 152 (152.00 diss/flow)
+Num dissector calls: 153 (153.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/ftp.pcap.out b/tests/result/ftp.pcap.out
index a5ad8311d..05c23c746 100644
--- a/tests/result/ftp.pcap.out
+++ b/tests/result/ftp.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	49	(16.33 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 638 (212.67 diss/flow)
+Num dissector calls: 640 (213.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/ftp_failed.pcap.out b/tests/result/ftp_failed.pcap.out
index 5e50b9cb1..25a9dd19b 100644
--- a/tests/result/ftp_failed.pcap.out
+++ b/tests/result/ftp_failed.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	8	(8.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 151 (151.00 diss/flow)
+Num dissector calls: 152 (152.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out
index 52e35f55d..b558d358e 100644
--- a/tests/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/result/fuzz-2006-06-26-2594.pcap.out
@@ -6,7 +6,7 @@ DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Unknown          : 30 (flows)
 Confidence Match by port    : 28 (flows)
 Confidence DPI              : 193 (flows)
-Num dissector calls: 5363 (21.37 diss/flow)
+Num dissector calls: 5376 (21.42 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/fuzz-2006-09-29-28586.pcap.out b/tests/result/fuzz-2006-09-29-28586.pcap.out
index 226a9b14a..3e1779c3e 100644
--- a/tests/result/fuzz-2006-09-29-28586.pcap.out
+++ b/tests/result/fuzz-2006-09-29-28586.pcap.out
@@ -6,7 +6,7 @@ Confidence Unknown          : 3 (flows)
 Confidence Match by port    : 24 (flows)
 Confidence Match by IP      : 2 (flows)
 Confidence DPI              : 11 (flows)
-Num dissector calls: 1003 (25.08 diss/flow)
+Num dissector calls: 1009 (25.23 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/fuzz-2021-10-13.pcap.out b/tests/result/fuzz-2021-10-13.pcap.out
index cd3f30cf3..5221beef8 100644
--- a/tests/result/fuzz-2021-10-13.pcap.out
+++ b/tests/result/fuzz-2021-10-13.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 121 (121.00 diss/flow)
+Num dissector calls: 122 (122.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out
index c5f5529a5..39f86e22a 100644
--- a/tests/result/google_ssl.pcap.out
+++ b/tests/result/google_ssl.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	28	(28.00 pkts/flow)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 213 (213.00 diss/flow)
+Num dissector calls: 214 (214.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/h323-overflow.pcap.out b/tests/result/h323-overflow.pcap.out
index 4c6c6cc4a..31ffbf4cb 100644
--- a/tests/result/h323-overflow.pcap.out
+++ b/tests/result/h323-overflow.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 123 (123.00 diss/flow)
+Num dissector calls: 124 (124.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/h323.pcap.out b/tests/result/h323.pcap.out
index f2d391de8..02df1ee81 100644
--- a/tests/result/h323.pcap.out
+++ b/tests/result/h323.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	2	(2.00 pkts/flow)
 DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 125 (62.50 diss/flow)
+Num dissector calls: 126 (63.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/imap-starttls.pcap.out b/tests/result/imap-starttls.pcap.out
index 5741fd6f8..9d1045646 100644
--- a/tests/result/imap-starttls.pcap.out
+++ b/tests/result/imap-starttls.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	10	(10.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 179 (179.00 diss/flow)
+Num dissector calls: 180 (180.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/imap.pcap.out b/tests/result/imap.pcap.out
index 7e90c1996..4e86e1b21 100644
--- a/tests/result/imap.pcap.out
+++ b/tests/result/imap.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	11	(11.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 202 (202.00 diss/flow)
+Num dissector calls: 203 (203.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out
index 766def20a..a2efe7ac7 100644
--- a/tests/result/instagram.pcap.out
+++ b/tests/result/instagram.pcap.out
@@ -7,7 +7,7 @@ Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 30 (flows)
-Num dissector calls: 1828 (48.11 diss/flow)
+Num dissector calls: 1832 (48.21 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/irc.pcap.out b/tests/result/irc.pcap.out
index d80f9eb92..6a2cc868a 100644
--- a/tests/result/irc.pcap.out
+++ b/tests/result/irc.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	7	(7.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 157 (157.00 diss/flow)
+Num dissector calls: 158 (158.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/jabber.pcap.out b/tests/result/jabber.pcap.out
index 49646734f..0337fc2b7 100644
--- a/tests/result/jabber.pcap.out
+++ b/tests/result/jabber.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	74	(6.17 pkts/flow)
 Confidence DPI              : 12 (flows)
-Num dissector calls: 1406 (117.17 diss/flow)
+Num dissector calls: 1415 (117.92 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/kerberos.pcap.out b/tests/result/kerberos.pcap.out
index 21a1eb057..85fa3d059 100644
--- a/tests/result/kerberos.pcap.out
+++ b/tests/result/kerberos.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP):	77	(2.14 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 23 (flows)
 Confidence DPI              : 11 (flows)
-Num dissector calls: 3916 (108.78 diss/flow)
+Num dissector calls: 3941 (109.47 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/kismet.pcap.out b/tests/result/kismet.pcap.out
new file mode 100644
index 000000000..fd766859f
--- /dev/null
+++ b/tests/result/kismet.pcap.out
@@ -0,0 +1,24 @@
+Guessed flow protos:	0
+
+DPI Packets (TCP):	4	(4.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 124 (124.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia protocols:   6/0 (search/found)
+
+Kismet	35	4871	1
+
+	1	TCP 127.0.0.1:34065 <-> 127.0.0.1:2501 [proto: 309/Kismet][ClearText][Confidence: DPI][cat: Network/14][18 pkts/2029 bytes <-> 17 pkts/2842 bytes][Goodput ratio: 51/67][14.61 sec][bytes ratio: -0.167 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 399/399 857/870 1099/1099 407/366][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/167 1099/253 239/52][PLAIN TEXT (KISMET)][Plen Bins: 6,0,6,0,75,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/log4j-webapp-exploit.pcap.out b/tests/result/log4j-webapp-exploit.pcap.out
index 326d227bb..854137da1 100644
--- a/tests/result/log4j-webapp-exploit.pcap.out
+++ b/tests/result/log4j-webapp-exploit.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (TCP):	63	(9.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 448 (64.00 diss/flow)
+Num dissector calls: 449 (64.14 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/memcached.cap.out b/tests/result/memcached.cap.out
index f4590b15d..2eec60955 100644
--- a/tests/result/memcached.cap.out
+++ b/tests/result/memcached.cap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 124 (124.00 diss/flow)
+Num dissector calls: 125 (125.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/mongo_false_positive.pcapng.out b/tests/result/mongo_false_positive.pcapng.out
index 8ec804c8d..86aa25856 100644
--- a/tests/result/mongo_false_positive.pcapng.out
+++ b/tests/result/mongo_false_positive.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	26	(26.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 408 (408.00 diss/flow)
+Num dissector calls: 409 (409.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out
index c29f274f9..4414d57ae 100644
--- a/tests/result/mssql_tds.pcap.out
+++ b/tests/result/mssql_tds.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	18	(1.50 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 11 (flows)
-Num dissector calls: 286 (23.83 diss/flow)
+Num dissector calls: 287 (23.92 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/nest_log_sink.pcap.out b/tests/result/nest_log_sink.pcap.out
index a44d6f54f..2ef61843e 100644
--- a/tests/result/nest_log_sink.pcap.out
+++ b/tests/result/nest_log_sink.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP):	130	(10.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 13 (flows)
-Num dissector calls: 1849 (132.07 diss/flow)
+Num dissector calls: 1861 (132.93 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/netbios.pcap.out b/tests/result/netbios.pcap.out
index da093363e..6cfbe623f 100644
--- a/tests/result/netbios.pcap.out
+++ b/tests/result/netbios.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP):	2	(2.00 pkts/flow)
 DPI Packets (UDP):	14	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 14 (flows)
-Num dissector calls: 137 (9.13 diss/flow)
+Num dissector calls: 138 (9.20 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/nntp.pcap.out b/tests/result/nntp.pcap.out
index 4ca112261..52f87e795 100644
--- a/tests/result/nntp.pcap.out
+++ b/tests/result/nntp.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 130 (130.00 diss/flow)
+Num dissector calls: 131 (131.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out
index 3d17a1843..1f6b66f6d 100644
--- a/tests/result/openvpn.pcap.out
+++ b/tests/result/openvpn.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 DPI Packets (UDP):	5	(2.50 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 389 (129.67 diss/flow)
+Num dissector calls: 390 (130.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/oracle12.pcapng.out b/tests/result/oracle12.pcapng.out
index 6fa5a7386..21f6a887e 100644
--- a/tests/result/oracle12.pcapng.out
+++ b/tests/result/oracle12.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	20	(20.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 289 (289.00 diss/flow)
+Num dissector calls: 290 (290.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/pgsql.pcap.out b/tests/result/pgsql.pcap.out
index 5e8c121f0..1945992ed 100644
--- a/tests/result/pgsql.pcap.out
+++ b/tests/result/pgsql.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	12	(6.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 248 (124.00 diss/flow)
+Num dissector calls: 250 (125.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/pop3.pcap.out b/tests/result/pop3.pcap.out
index af6aca1e2..00a4ea25e 100644
--- a/tests/result/pop3.pcap.out
+++ b/tests/result/pop3.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	10	(10.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 178 (178.00 diss/flow)
+Num dissector calls: 179 (179.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/reasm_crash_anon.pcapng.out b/tests/result/reasm_crash_anon.pcapng.out
index 521fff842..f245a4834 100644
--- a/tests/result/reasm_crash_anon.pcapng.out
+++ b/tests/result/reasm_crash_anon.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	33	(33.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 322 (322.00 diss/flow)
+Num dissector calls: 323 (323.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/reasm_segv_anon.pcapng.out b/tests/result/reasm_segv_anon.pcapng.out
index 2798c61f7..9033f43cd 100644
--- a/tests/result/reasm_segv_anon.pcapng.out
+++ b/tests/result/reasm_segv_anon.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	33	(33.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 258 (258.00 diss/flow)
+Num dissector calls: 259 (259.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/rsh.pcap.out b/tests/result/rsh.pcap.out
index e7d9c1a28..d6b42b187 100644
--- a/tests/result/rsh.pcap.out
+++ b/tests/result/rsh.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	12	(6.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 300 (150.00 diss/flow)
+Num dissector calls: 302 (151.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/rsync.pcap.out b/tests/result/rsync.pcap.out
index bf6bd9502..306a214f3 100644
--- a/tests/result/rsync.pcap.out
+++ b/tests/result/rsync.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	9	(9.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 171 (171.00 diss/flow)
+Num dissector calls: 172 (172.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/rtmp.pcap.out b/tests/result/rtmp.pcap.out
index 6ac5e49fe..4dce1c516 100644
--- a/tests/result/rtmp.pcap.out
+++ b/tests/result/rtmp.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	8	(8.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 153 (153.00 diss/flow)
+Num dissector calls: 154 (154.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out
index 5f276b0db..a68d3a2aa 100644
--- a/tests/result/skype.pcap.out
+++ b/tests/result/skype.pcap.out
@@ -7,7 +7,7 @@ Confidence Unknown          : 61 (flows)
 Confidence Match by port    : 27 (flows)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 204 (flows)
-Num dissector calls: 28778 (98.22 diss/flow)
+Num dissector calls: 28864 (98.51 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out
index df43e5671..9182e04e9 100644
--- a/tests/result/skype_no_unknown.pcap.out
+++ b/tests/result/skype_no_unknown.pcap.out
@@ -6,7 +6,7 @@ DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Unknown          : 45 (flows)
 Confidence Match by port    : 22 (flows)
 Confidence DPI              : 200 (flows)
-Num dissector calls: 23896 (89.50 diss/flow)
+Num dissector calls: 23960 (89.74 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/smb_frags.pcap.out b/tests/result/smb_frags.pcap.out
index 902ecfcce..b78696ce3 100644
--- a/tests/result/smb_frags.pcap.out
+++ b/tests/result/smb_frags.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	5	(5.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 153 (153.00 diss/flow)
+Num dissector calls: 154 (154.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/smbv1.pcap.out b/tests/result/smbv1.pcap.out
index 58938d174..a0296924c 100644
--- a/tests/result/smbv1.pcap.out
+++ b/tests/result/smbv1.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 155 (155.00 diss/flow)
+Num dissector calls: 156 (156.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/smtp.pcap.out b/tests/result/smtp.pcap.out
index 76180498b..f939af4c8 100644
--- a/tests/result/smtp.pcap.out
+++ b/tests/result/smtp.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	11	(11.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 196 (196.00 diss/flow)
+Num dissector calls: 197 (197.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/soap.pcap.out b/tests/result/soap.pcap.out
index bfec6a092..ec202ef57 100644
--- a/tests/result/soap.pcap.out
+++ b/tests/result/soap.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (TCP):	20	(6.67 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 377 (125.67 diss/flow)
+Num dissector calls: 379 (126.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/socks-http-example.pcap.out b/tests/result/socks-http-example.pcap.out
index fedb19934..c41ea7f81 100644
--- a/tests/result/socks-http-example.pcap.out
+++ b/tests/result/socks-http-example.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	29	(9.67 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 476 (158.67 diss/flow)
+Num dissector calls: 479 (159.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out
index 7591587d3..da56406aa 100644
--- a/tests/result/starcraft_battle.pcap.out
+++ b/tests/result/starcraft_battle.pcap.out
@@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Match by port    : 8 (flows)
 Confidence Match by IP      : 5 (flows)
 Confidence DPI              : 39 (flows)
-Num dissector calls: 1487 (28.60 diss/flow)
+Num dissector calls: 1490 (28.65 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/synscan.pcap.out b/tests/result/synscan.pcap.out
index f4080a7b0..2ac8704f3 100644
--- a/tests/result/synscan.pcap.out
+++ b/tests/result/synscan.pcap.out
@@ -121,7 +121,7 @@ iSCSI	2	116	2
 	44	TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	45	TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	46	TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	47	TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 309/iSCSI][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	47	TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 310/iSCSI][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	48	TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][ClearText][Confidence: Match by port][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	49	TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][ClearText][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	50	TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -183,7 +183,7 @@ iSCSI	2	116	2
 	106	TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	107	TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	108	TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	109	TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 309/iSCSI][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	109	TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 310/iSCSI][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	110	TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][ClearText][Confidence: Match by port][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	111	TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][ClearText][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	112	TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out
index 29441efb9..f1c98ca6b 100644
--- a/tests/result/teams.pcap.out
+++ b/tests/result/teams.pcap.out
@@ -7,7 +7,7 @@ Confidence Unknown          : 1 (flows)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI (partial)    : 1 (flows)
 Confidence DPI              : 80 (flows)
-Num dissector calls: 600 (7.23 diss/flow)
+Num dissector calls: 601 (7.24 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/telnet.pcap.out b/tests/result/telnet.pcap.out
index 39ff6ed0b..900c6c296 100644
--- a/tests/result/telnet.pcap.out
+++ b/tests/result/telnet.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	33	(33.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 152 (152.00 diss/flow)
+Num dissector calls: 153 (153.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/threema.pcap.out b/tests/result/threema.pcap.out
index 08a0c87b0..446f15b07 100644
--- a/tests/result/threema.pcap.out
+++ b/tests/result/threema.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (TCP):	66	(11.00 pkts/flow)
 Confidence Match by IP      : 2 (flows)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 1250 (208.33 diss/flow)
+Num dissector calls: 1256 (209.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out
index a5a246e42..711c7cc15 100644
--- a/tests/result/tinc.pcap.out
+++ b/tests/result/tinc.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP):	19	(9.50 pkts/flow)
 DPI Packets (UDP):	2	(1.00 pkts/flow)
 Confidence DPI (cache)      : 2 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 526 (131.50 diss/flow)
+Num dissector calls: 528 (132.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/tls-appdata.pcap.out b/tests/result/tls-appdata.pcap.out
index e1ef4256c..fd0bd030e 100644
--- a/tests/result/tls-appdata.pcap.out
+++ b/tests/result/tls-appdata.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	17	(8.50 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 125 (62.50 diss/flow)
+Num dissector calls: 126 (63.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/tls_certificate_too_long.pcap.out b/tests/result/tls_certificate_too_long.pcap.out
index 78cbe1622..e1e5d8785 100644
--- a/tests/result/tls_certificate_too_long.pcap.out
+++ b/tests/result/tls_certificate_too_long.pcap.out
@@ -6,7 +6,7 @@ DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 33 (flows)
-Num dissector calls: 596 (17.03 diss/flow)
+Num dissector calls: 599 (17.11 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/tls_false_positives.pcapng.out b/tests/result/tls_false_positives.pcapng.out
index 17d42c38e..5828d88f6 100644
--- a/tests/result/tls_false_positives.pcapng.out
+++ b/tests/result/tls_false_positives.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	30	(30.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 408 (408.00 diss/flow)
+Num dissector calls: 409 (409.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/tls_invalid_reads.pcap.out b/tests/result/tls_invalid_reads.pcap.out
index 60c0f38ad..9b54ff9ee 100644
--- a/tests/result/tls_invalid_reads.pcap.out
+++ b/tests/result/tls_invalid_reads.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (TCP):	10	(3.33 pkts/flow)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 125 (41.67 diss/flow)
+Num dissector calls: 126 (42.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/tls_missing_ch_frag.pcap.out b/tests/result/tls_missing_ch_frag.pcap.out
index 2685260e7..afe6ebc7f 100644
--- a/tests/result/tls_missing_ch_frag.pcap.out
+++ b/tests/result/tls_missing_ch_frag.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 124 (124.00 diss/flow)
+Num dissector calls: 125 (125.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out
index 6174a55d6..a09ba17df 100644
--- a/tests/result/viber.pcap.out
+++ b/tests/result/viber.pcap.out
@@ -5,7 +5,7 @@ DPI Packets (UDP):	27	(1.93 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by IP      : 4 (flows)
 Confidence DPI              : 25 (flows)
-Num dissector calls: 523 (18.03 diss/flow)
+Num dissector calls: 524 (18.07 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out
index 0dae5d0d7..7714bfe4b 100644
--- a/tests/result/vnc.pcap.out
+++ b/tests/result/vnc.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	10	(5.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 260 (130.00 diss/flow)
+Num dissector calls: 262 (131.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/wa_video.pcap.out b/tests/result/wa_video.pcap.out
index 759a41392..d9b2a2927 100644
--- a/tests/result/wa_video.pcap.out
+++ b/tests/result/wa_video.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP):	33	(33.00 pkts/flow)
 DPI Packets (UDP):	13	(1.00 pkts/flow)
 Confidence Match by IP      : 1 (flows)
 Confidence DPI              : 13 (flows)
-Num dissector calls: 516 (36.86 diss/flow)
+Num dissector calls: 517 (36.93 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out
index 3d7509e7a..cb8e3f58b 100644
--- a/tests/result/waze.pcap.out
+++ b/tests/result/waze.pcap.out
@@ -5,7 +5,7 @@ DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 9 (flows)
 Confidence DPI              : 23 (flows)
-Num dissector calls: 381 (11.55 diss/flow)
+Num dissector calls: 382 (11.58 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out
index d353f4ecb..a6934961e 100644
--- a/tests/result/wechat.pcap.out
+++ b/tests/result/wechat.pcap.out
@@ -6,7 +6,7 @@ DPI Packets (other):	7	(1.00 pkts/flow)
 Confidence Match by port    : 17 (flows)
 Confidence Match by IP      : 8 (flows)
 Confidence DPI              : 78 (flows)
-Num dissector calls: 316 (3.07 diss/flow)
+Num dissector calls: 317 (3.08 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/whatsapp.pcap.out b/tests/result/whatsapp.pcap.out
index 504b59503..47703a542 100644
--- a/tests/result/whatsapp.pcap.out
+++ b/tests/result/whatsapp.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (TCP):	344	(4.00 pkts/flow)
 Confidence DPI              : 86 (flows)
-Num dissector calls: 12556 (146.00 diss/flow)
+Num dissector calls: 12642 (147.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out
index 2ecad2992..3856bd239 100644
--- a/tests/result/whatsapp_login_chat.pcap.out
+++ b/tests/result/whatsapp_login_chat.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (TCP):	17	(5.67 pkts/flow)
 DPI Packets (UDP):	7	(1.17 pkts/flow)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 301 (33.44 diss/flow)
+Num dissector calls: 302 (33.56 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/whois.pcapng.out b/tests/result/whois.pcapng.out
index ab84700b9..89afaaa1b 100644
--- a/tests/result/whois.pcapng.out
+++ b/tests/result/whois.pcapng.out
@@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	16	(5.33 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 184 (61.33 diss/flow)
+Num dissector calls: 185 (61.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/z3950.pcapng.out b/tests/result/z3950.pcapng.out
index bd2a14ce8..47d40c7ea 100644
--- a/tests/result/z3950.pcapng.out
+++ b/tests/result/z3950.pcapng.out
@@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	26	(13.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 467 (233.50 diss/flow)
+Num dissector calls: 469 (234.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out
index 802e0dd98..e94888271 100644
--- a/tests/result/zoom.pcap.out
+++ b/tests/result/zoom.pcap.out
@@ -5,7 +5,7 @@ DPI Packets (UDP):	25	(1.47 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by IP      : 2 (flows)
 Confidence DPI              : 31 (flows)
-Num dissector calls: 811 (24.58 diss/flow)
+Num dissector calls: 813 (24.64 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       8/0/0 (insert/search/found)
author	Toni <matzeton@googlemail.com>	2022-08-24 10:50:11 +0200
committer	GitHub <noreply@github.com>	2022-08-24 10:50:11 +0200
commit	30730e95e5a270cb70dd5509fa6e481a7ed4e074 (patch)
tree	4b989f674e6a6fe0c91519c736efd57206bf9113
parent	93a80a1c4b31d0c8b23e92b7005f92597b42268b (diff)