aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorToni <matzeton@googlemail.com>2021-09-20 12:54:01 +0200
committerGitHub <noreply@github.com>2021-09-20 12:54:01 +0200
commitbb52f1362ca80f58eb2bb4a76bb4840fa30afab3 (patch)
tree36a5daeb7701036a23e503da81d03f9ab02427d9
parentd74c2739d53c63c4749ea21d20eb25da3b51768c (diff)
parent03d3e1bafcc2cd966e6590f26de53a3b70901425 (diff)
Merge pull request #1309 from IvanNardi/ipv6-headers
Fix parsing of ipv6 packets with extension headers
Diffstat
-rw-r--r--example/reader_util.c10
-rw-r--r--src/lib/ndpi_main.c6
-rw-r--r--tests/result/alexa-app.pcapng.out4
-rw-r--r--tests/result/android.pcap.out4
-rw-r--r--tests/result/anyconnect-vpn.pcap.out2
-rw-r--r--tests/result/capwap.pcap.out2
-rw-r--r--tests/result/dns_fragmented.pcap.out30
-rw-r--r--tests/result/iphone.pcap.out2
-rw-r--r--tests/result/wechat.pcap.out2
9 files changed, 28 insertions, 34 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index 9a96810b6..453660ce7 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -669,6 +669,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
u_int16_t ip_offset,
u_int16_t ipsize,
u_int16_t l4_packet_len,
+ u_int16_t l4_offset,
struct ndpi_tcphdr **tcph,
struct ndpi_udphdr **udph,
u_int16_t *sport, u_int16_t *dport,
@@ -679,7 +680,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
u_int16_t *payload_len,
u_int8_t *src_to_dst_direction,
pkt_timeval when) {
- u_int32_t idx, l4_offset, hashval;
+ u_int32_t idx, hashval;
struct ndpi_flow_info flow;
void *ret;
const u_int8_t *l3, *l4;
@@ -697,11 +698,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
/* || (iph->frag_off & htons(0x1FFF)) != 0 */)
return NULL;
- l4_offset = iph->ihl * 4;
l3 = (const u_int8_t*)iph;
} else {
- l4_offset = sizeof(struct ndpi_ipv6hdr);
- if(sizeof(struct ndpi_ipv6hdr) > ipsize)
+ if(l4_offset > ipsize)
return NULL;
l3 = (const u_int8_t*)iph6;
@@ -988,7 +987,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo
return(get_ndpi_flow_info(workflow, 6, vlan_id, tunnel_type,
&iph, iph6, ip_offset, ipsize,
- ntohs(iph6->ip6_hdr.ip6_un1_plen),
+ ip_len, l4ptr - (const u_int8_t *)iph6,
tcph, udph, sport, dport,
src, dst, proto, payload,
payload_len, src_to_dst_direction, when));
@@ -1325,6 +1324,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
tunnel_type, iph, NULL,
ip_offset, ipsize,
ntohs(iph->tot_len) - (iph->ihl * 4),
+ iph->ihl * 4,
&tcph, &udph, &sport, &dport,
&src, &dst, &proto,
&payload, &payload_len, &src_to_dst_direction, when);
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index c8da3b3d5..4776095ef 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4122,7 +4122,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_str, const u_int8_t **l4ptr,
u_int16_t *l4len, u_int8_t *nxt_hdr) {
while((*nxt_hdr == 0 || *nxt_hdr == 43 || *nxt_hdr == 44 || *nxt_hdr == 60 || *nxt_hdr == 135 || *nxt_hdr == 59)) {
- u_int16_t ehdr_len;
+ u_int16_t ehdr_len, frag_offset;
// no next header
if(*nxt_hdr == 59) {
@@ -4136,6 +4136,10 @@ int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi
}
*nxt_hdr = (*l4ptr)[0];
+ frag_offset = ntohs(*(u_int16_t *)((*l4ptr) + 2)) >> 3;
+ // Handle ipv6 fragments as the ipv4 ones: keep the first fragment, drop the others
+ if (frag_offset != 0)
+ return(1);
*l4len -= 8;
(*l4ptr) += 8;
continue;
diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out
index 0a78ecd47..ab3f6b0f7 100644
--- a/tests/result/alexa-app.pcapng.out
+++ b/tests/result/alexa-app.pcapng.out
@@ -167,8 +167,8 @@ JA3 Host Stats:
144 ICMP 172.16.42.1:0 -> 172.16.42.216:0 [proto: 81/ICMP][ClearText][cat: Network/14][2 pkts/188 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][2.80 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
145 UDP 172.16.42.216:14476 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][Encrypted][cat: Web/5][1 pkts/83 bytes <-> 1 pkts/99 bytes][Goodput ratio: 49/57][0.14 sec][Host: skills-store.amazon.com][54.239.29.253][PLAIN TEXT (skills)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
146 UDP 172.16.42.216:7358 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][Encrypted][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.21 sec][Host: firs-ta-g7g.amazon.com][54.239.22.185][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 147 ICMPV6 [::]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 148 ICMPV6 [fe80::7af8:82ff:fed3:fbc2]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 147 ICMPV6 [::]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 148 ICMPV6 [fe80::7af8:82ff:fed3:fbc2]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
149 UDP 172.16.42.216:4312 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][Encrypted][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.08 sec][Host: pitangui.amazon.com][54.239.28.178][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
150 UDP 172.16.42.216:20922 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][Encrypted][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Host: pitangui.amazon.com][52.94.232.134][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
151 UDP 172.16.42.216:54886 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][Encrypted][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Host: pitangui.amazon.com][52.94.232.134][PLAIN TEXT (pitangui)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/android.pcap.out b/tests/result/android.pcap.out
index c317ed735..feabeb1a5 100644
--- a/tests/result/android.pcap.out
+++ b/tests/result/android.pcap.out
@@ -63,8 +63,8 @@ JA3 Host Stats:
37 UDP 192.168.2.16:18379 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][Encrypted][cat: Web/5][1 pkts/84 bytes <-> 1 pkts/100 bytes][Goodput ratio: 49/57][0.00 sec][Host: datasaver.googleapis.com][172.217.21.202][PLAIN TEXT (datasaver)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
38 UDP 192.168.2.16:39760 <-> 192.168.2.1:53 [proto: 5.239/DNS.GoogleServices][Encrypted][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.04 sec][Host: android.googleapis.com][172.217.22.10][PLAIN TEXT (android)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
39 UDP 192.168.2.16:45863 <-> 216.239.35.8:123 [proto: 9.126/NTP.Google][Encrypted][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes][Goodput ratio: 53/53][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 40 ICMPV6 [::]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][0.22 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 41 ICMPV6 [fe80::4e6a:f6ff:fe9f:f627]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][0.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 40 ICMPV6 [::]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][0.22 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 41 ICMPV6 [fe80::4e6a:f6ff:fe9f:f627]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][0.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.2.16:10677 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][Encrypted][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.00 sec][Host: proxy.googlezip.net][172.217.20.76][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 UDP 192.168.2.16:22850 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][Encrypted][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.04 sec][Host: proxy.googlezip.net][172.217.20.76][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 UDP 192.168.2.16:32412 <-> 192.168.2.1:53 [proto: 5.46/DNS.DataSaver][Encrypted][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/95 bytes][Goodput ratio: 46/55][0.04 sec][Host: check.googlezip.net][173.194.79.114][PLAIN TEXT (googlezip)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out
index 94cdd479e..15ed41df6 100644
--- a/tests/result/anyconnect-vpn.pcap.out
+++ b/tests/result/anyconnect-vpn.pcap.out
@@ -81,7 +81,7 @@ JA3 Host Stats:
52 UDP 10.0.0.227:61613 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/97 bytes <-> 1 pkts/97 bytes][Goodput ratio: 56/56][0.02 sec][Host: lb._dns-sd._udp.0.0.0.10.in-addr.arpa][::][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
53 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 39/64][0.02 sec][Host: apple.com][17.178.96.59][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
54 UDP 10.0.0.227:52879 <-> 75.75.76.76:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.04 sec][Host: vco.pandion.viasat.com][8.37.102.91][PLAIN TEXT (pandion)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 55 ICMPV6 [fe80::408:3e45:3abc:1552]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][1.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 55 ICMPV6 [fe80::408:3e45:3abc:1552]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][1.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
56 UDP 10.0.0.227:51990 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/91 bytes][Goodput ratio: 43/53][0.04 sec][Host: mail.viasat.com][8.37.103.196][PLAIN TEXT (viasat)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
57 UDP 10.0.0.227:57253 <-> 75.75.75.75:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/71 bytes <-> 1 pkts/87 bytes][Goodput ratio: 40/51][0.02 sec][Host: mozilla.org][63.245.208.195][PLAIN TEXT (mozilla)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
58 UDP 10.0.0.227:58155 <-> 75.75.76.76:53 [proto: 5.118/DNS.Slack][Encrypted][cat: Collaborative/15][1 pkts/69 bytes <-> 1 pkts/85 bytes][Goodput ratio: 39/50][0.03 sec][Host: slack.com][99.86.34.156][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/capwap.pcap.out b/tests/result/capwap.pcap.out
index 1c0e43fd6..f14f7e0cf 100644
--- a/tests/result/capwap.pcap.out
+++ b/tests/result/capwap.pcap.out
@@ -12,7 +12,7 @@ CAPWAP 222 64441 3
1 UDP 192.168.10.9:5246 <-> 192.168.10.10:12380 [proto: 247/CAPWAP][ClearText][cat: Network/14][106 pkts/26144 bytes <-> 111 pkts/37530 bytes][Goodput ratio: 83/88][169.10 sec][bytes ratio: -0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1421/1619 21349/21721 3881/4475][Pkt Len c2s/s2c min/avg/max/stddev: 106/115 247/338 1499/1499 292/381][PLAIN TEXT (Cisco Systems)][Plen Bins: 0,0,30,47,2,6,0,0,2,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,0]
2 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: CAPWAP:18/DHCP][ClearText][cat: Network/14][5 pkts/2090 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][59.44 sec][Host: kawai-ipad3][DHCP Fingerprint: 1,3,6,15,119,252][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.10.10:12380 -> 255.255.255.255:5246 [proto: 247/CAPWAP][ClearText][cat: Network/14][4 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][130.41 sec][PLAIN TEXT (838.61f)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 ICMPV6 [fe80::fd:7a4c:8d72:7710]:0 -> [ff02::16]:0 [proto: CAPWAP:102/ICMPV6][ClearText][cat: Network/14][2 pkts/352 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][4.56 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 ICMPV6 [fe80::fd:7a4c:8d72:7710]:0 -> [ff02::16]:0 [proto: CAPWAP:102/ICMPV6][ClearText][cat: Network/14][2 pkts/352 bytes -> 0 pkts/0 bytes][Goodput ratio: 17/0][4.56 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 ICMPV6 [fe80::fd:7a4c:8d72:7710]:0 -> [ff02::2]:0 [proto: CAPWAP:102/ICMPV6][ClearText][cat: Network/14][2 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 3/0][8.33 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.10.10:49259 -> 255.255.255.255:53 [proto: 5/DNS][ClearText][cat: Network/14][2 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][3.00 sec][Host: cisco-capwap-controller][::][PLAIN TEXT (CAPWAP)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 ICMPV6 [::]:0 -> [ff02::1:ff72:7710]:0 [proto: CAPWAP:102/ICMPV6][ClearText][cat: Network/14][1 pkts/154 bytes -> 0 pkts/0 bytes][Goodput ratio: 10/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/dns_fragmented.pcap.out b/tests/result/dns_fragmented.pcap.out
index a8f70b6b4..71ed95be4 100644
--- a/tests/result/dns_fragmented.pcap.out
+++ b/tests/result/dns_fragmented.pcap.out
@@ -1,21 +1,20 @@
-Guessed flow protos: 7
+Guessed flow protos: 1
DPI Packets (TCP): 12 (6.00 pkts/flow)
-DPI Packets (UDP): 42 (1.68 pkts/flow)
+DPI Packets (UDP): 39 (2.05 pkts/flow)
-Unknown 3 603 3
-DNS 53 16888 21
+DNS 53 16888 18
Google 6 4807 3
1 TCP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:57089 <-> [2001:470:1f0b:16b0::a26:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][6 pkts/578 bytes <-> 4 pkts/2084 bytes][Goodput ratio: 9/83][0.00 sec][Host: weberlab.de][::][bytes ratio: -0.566 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 96/521 140/1818 20/749][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
2 TCP 194.247.5.6:39005 <-> 194.247.5.14:53 [proto: 5/DNS][ClearText][cat: Network/14][6 pkts/458 bytes <-> 4 pkts/2004 bytes][Goodput ratio: 12/86][0.00 sec][Host: weberlab.de][::][bytes ratio: -0.628 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/501 120/1798 20/749][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
- 3 UDP 173.194.169.104:59464 <-> 193.24.227.238:53 [proto: 5.126/DNS.Google][Encrypted][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 58/97][< 1 sec][Host: fg2.weberlab.de][194.247.4.10][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
- 4 UDP 194.247.5.6:51791 <-> 193.24.227.238:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/94 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 55/97][0.01 sec][Host: weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
- 5 UDP 74.125.47.136:59330 <-> 193.24.227.238:53 [proto: 5.126/DNS.Google][Encrypted][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 48/97][0.00 sec][Host: weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
- 6 UDP 172.217.40.76:56680 <-> 193.24.227.238:53 [proto: 5.126/DNS.Google][Encrypted][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 48/97][< 1 sec][Host: weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
- 7 UDP [2001:470:765b::a25:53]:4352 -> [2a00:1450:4013:c06::105]:1 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/1510 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Host: fg2.weberlab.de][194.247.4.10][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
- 8 UDP [2001:470:765b::a25:53]:4352 -> [2a00:1450:4013:c03::10a]:1 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/1510 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Host: pa.weberlab.de][2001:470:1f0b:1024::2][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
- 9 UDP [2001:470:765b::a25:53]:4352 -> [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:1 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/1494 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Host: weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0]
+ 3 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:55729 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][2 pkts/228 bytes <-> 1 pkts/1494 bytes][Goodput ratio: 45/95][5.01 sec][Host: weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
+ 4 UDP [2a00:1450:4013:c06::105]:63369 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/121 bytes <-> 1 pkts/1510 bytes][Goodput ratio: 48/95][0.00 sec][Host: fg2.weberlab.de][194.247.4.10][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
+ 5 UDP [2a00:1450:4013:c03::10a]:46433 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/120 bytes <-> 1 pkts/1510 bytes][Goodput ratio: 48/95][0.00 sec][Host: pa.weberlab.de][2001:470:1f0b:1024::2][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
+ 6 UDP 173.194.169.104:59464 <-> 193.24.227.238:53 [proto: 5.126/DNS.Google][Encrypted][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 58/97][< 1 sec][Host: fg2.weberlab.de][194.247.4.10][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
+ 7 UDP 194.247.5.6:51791 <-> 193.24.227.238:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/94 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 55/97][0.01 sec][Host: weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
+ 8 UDP 74.125.47.136:59330 <-> 193.24.227.238:53 [proto: 5.126/DNS.Google][Encrypted][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 48/97][0.00 sec][Host: weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
+ 9 UDP 172.217.40.76:56680 <-> 193.24.227.238:53 [proto: 5.126/DNS.Google][Encrypted][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 48/97][< 1 sec][Host: weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **** Fragmented DNS message **][Risk Score: 100][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0]
10 UDP [2a00:1450:400c:c00::106]:54430 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/121 bytes <-> 1 pkts/886 bytes][Goodput ratio: 48/93][0.00 sec][Host: fg2.weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **][Risk Score: 50][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 UDP [2a00:1450:4013:c05::10e]:34944 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/121 bytes <-> 1 pkts/886 bytes][Goodput ratio: 48/93][< 1 sec][Host: fg2.weberlab.de][::][Risk: ** DNS packet larger than 512 bytes **][Risk Score: 50][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:33592 <-> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/123 bytes <-> 1 pkts/300 bytes][Goodput ratio: 49/79][0.01 sec][Host: fg2-mgmt.weberlab.de][2001:470:1f0b:16b0::1][PLAIN TEXT (weberlab)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -28,12 +27,3 @@ Google 6 4807 3
19 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:52814 <-> [2606:4700:4700::1111]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/131 bytes <-> 1 pkts/108 bytes][Goodput ratio: 52/42][0.03 sec][Host: sigfail.verteiltesysteme.net][::][PLAIN TEXT (sigfail)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:42344 <-> [2620:fe::fe]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/113 bytes <-> 1 pkts/117 bytes][Goodput ratio: 45/47][0.02 sec][Host: formel1.de][85.25.234.253][PLAIN TEXT (formel1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:54590 <-> [2606:4700:4700::1111]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/106 bytes <-> 1 pkts/122 bytes][Goodput ratio: 41/49][0.01 sec][Host: ns2.weberdns.de][194.247.5.14][PLAIN TEXT (weberdns)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 UDP [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:55729 -> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][2 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][5.00 sec][Host: weberlab.de][::][PLAIN TEXT (weberlab)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 23 UDP [2a00:1450:4013:c06::105]:63369 -> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/121 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: fg2.weberlab.de][::][PLAIN TEXT (weberlab)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 24 UDP [2a00:1450:4013:c03::10a]:46433 -> [2001:470:765b::a25:53]:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Host: pa.weberlab.de][::][PLAIN TEXT (weberlab)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-
-
-Undetected flows:
- 1 UDP [2001:470:765b::a25:53]:4352 -> [2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb]:1432 [proto: 0/Unknown][ClearText][1 pkts/368 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][PLAIN TEXT (eberlab)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 2 UDP [2001:470:765b::a25:53]:4352 -> [2a00:1450:4013:c03::10a]:1448 [proto: 0/Unknown][ClearText][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP [2001:470:765b::a25:53]:4352 -> [2a00:1450:4013:c06::105]:1448 [proto: 0/Unknown][ClearText][1 pkts/112 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out
index ee49063d9..456cc0c50 100644
--- a/tests/result/iphone.pcap.out
+++ b/tests/result/iphone.pcap.out
@@ -60,7 +60,7 @@ JA3 Host Stats:
36 UDP 192.168.2.17:55457 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][Encrypted][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/214 bytes][Goodput ratio: 43/80][0.04 sec][Host: mesu.apple.com][17.253.105.202][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
37 UDP 192.168.2.17:62526 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][Encrypted][cat: Web/5][1 pkts/73 bytes <-> 1 pkts/212 bytes][Goodput ratio: 42/80][0.05 sec][Host: cl4.apple.com][104.73.61.30][PLAIN TEXT (origin)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
38 UDP 192.168.2.17:52682 <-> 192.168.2.1:53 [proto: 5.143/DNS.AppleiCloud][Encrypted][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.04 sec][Host: www.icloud.com][23.45.74.46][PLAIN TEXT (icloud)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 39 ICMPV6 [fe80::823:3f17:8298:a29c]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/260 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][1.00 sec][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 39 ICMPV6 [fe80::823:3f17:8298:a29c]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/260 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][1.00 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
40 UDP 192.168.2.17:55914 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][Encrypted][cat: Web/5][1 pkts/82 bytes <-> 1 pkts/146 bytes][Goodput ratio: 48/71][0.04 sec][Host: gsp85-ssl.ls.apple.com][17.130.2.46][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
41 UDP 192.168.2.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][ClearText][cat: Network/14][2 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Host: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.2.17:64203 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][Encrypted][cat: Web/5][1 pkts/80 bytes <-> 1 pkts/135 bytes][Goodput ratio: 47/68][0.04 sec][Host: basejumper.apple.com][::][PLAIN TEXT (basejumper)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out
index 0a238d9d7..6331292e7 100644
--- a/tests/result/wechat.pcap.out
+++ b/tests/result/wechat.pcap.out
@@ -117,7 +117,7 @@ JA3 Host Stats:
90 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Encrypted][cat: Chat/9][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.31 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
91 TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/TLS.Google][Encrypted][cat: Web/5][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][135.44 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
92 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 6/0][1.43 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 93 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 93 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][ClearText][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
94 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][ClearText][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
95 UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: webpush.web.wechat.com.lan][::][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
96 UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5/DNS][ClearText][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Host: webpush.web.wechat.com.lan][::][PLAIN TEXT (webpush)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.