302 files changed, 9149 insertions, 4731 deletions

diff --git a/.gitignore b/.gitignore
index 759db411c..ebacea3cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,8 @@ compile
 /example/.deps/
 /example/Makefile
 /example/ndpiReader
+/example/Makefile.dpdk
+/example/build
 *.in
 /install-sh
 *.ko
@@ -35,7 +37,7 @@ compile
 /m4/ltversion.m4
 /Makefile
 /missing
-*.[oa]
+*.[o]
 *.obj
 *o.cmd
 *o.cmd
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6dde946ef..930cb4c3b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,119 @@
 # CHANGELOG
 
+#### nDPI 2.6 (December 2018)
+
+## New Supported Protocols and Services
+
+* New Bitcoin, Ethereum, ZCash, Monero dissectors all identified as Mining
+* New Signal.org dissector
+* New Nest Log Sink dissector
+* New UPnP dissector
+* Added support for SMBv1 traffic, split from SMBv23
+
+## Improvements
+
+* Improved Skype detection, merged Skype call in/out into Skype Call
+* Improved heuristics for Skype, Teredo, Netbios
+* Improved SpeedTest (Ookla) detection
+* Improved WhatsApp detection
+* Improved WeChat detection
+* Improved Facebook Messenger detection
+* Improved Messenger/Hangout detection
+* Improved SSL detection, prevent false positives
+* Improved guess for UDP protocols
+* Improved STUN detection
+* Added more Ubuntu servers
+* Added missing categorization with giveup/guess
+* Optimizations for TCP flows that do not start with a SYN packet (early giveup)
+
+## Fixes
+
+* Fixed eDonkey false positives
+* Fixed Dropbox dissector
+* Fixed Spotify dissector
+* Fixed custom protocol loading
+* Fixed missing Application Data packet for TLS
+* Fixed buffer overflows
+* Fixed custom categories match by IP
+* Fixed category field not accounted in ndpi_get_proto_category
+* Fixed null pointer dereference in ndpi_detection_process_packet
+* Fixed compilation on Mac
+
+## Other
+
+* Deb and RPM packages: ndpi with shared libraries and binaries, ndpi-dev with headers and static libraries
+* Protocols now have an optional subprotocol: Spotify cannot have subprotocols, DNS can (DNS.Spotify) 
+* New API functions:
+  - ndpi_fill_ip_protocol_category to handle ICMP flows category
+  - ndpi_flowv4_flow_hash and ndpi_flowv6_flow_hash to support the Community ID Flow Hashing (https://github.com/corelight/community-id-spec)
+  - ndpi_protocol2id to print the protocol as ID
+  - ndpi_get_custom_category_match to search host in custom categories
+* Changed ndpi_detection_giveup API: guess is now part of the call
+* Added DPDK support to ndpiReader
+* Removed Musical.ly protocol (service no longer used)
+* Custom categories have now priority over protocol related categories
+* Improved clang support
+
+------------------------------------------------------------------------
+
+#### nDPI 2.4 (August 2018)
+
+## New Supported Protocols and Services
+
+* Showmax.com
+* Musical.ly
+* RapidVideo
+* VidTO streaming service
+* Apache JServ Protocol
+* Facebook Messenger
+* FacebookZero protocol
+
+## Improvements
+
+* Improved YouTube support
+* Improved Netflix support
+* Updated Google Hangout detection
+* Updated Twitter address range
+* Updated Viber ports, subnet and domain
+* Updated AmazonVideo detection
+* Updated list of FaceBook sites
+* Initial Skype in/out support
+* Improved Tor detection
+* Improved hyperscan support and category definition
+* Custom categories loading, extended ndpiReader (`-c <file>`) for loading name-based categories
+
+## Fixes
+
+* Fixes for Instagram flows classified as Facebook
+* Fixed Spotify detection
+* Fixed minimum packet payload length for SSDP
+* Fixed length check in MSN, x-steam-sid, Tor certificate name
+* Increase client's maximum payload length for SSH
+* Fixed end-of-line bounds handling
+* Fixed substring matching
+* Fix for handling IP address based custom categories
+* Repaired wrong timestamp calculation
+* Fixed memory leak
+* Optimized memory usage
+
+## Other/Changes
+
+* New API calls:
+  * `ndpi_set_detection_preferences()`
+  * `ndpi_load_hostname_category()`
+  * `ndpi_enable_loaded_categories()`
+  * `ndpi_fill_protocol_category()`
+  * `ndpi_process_extra_packet()`
+* Skype CallIn/CallOut are now set as Skype.SkypeCallOut Skype.SkypeCallIn
+* Added support for SMTPS on port 587
+* Changed RTP from VoIP to Media category
+* Added site unavailable category
+* Added custom categories CUSTOM_CATEGORY_MINING, CUSTOM_CATEGORY_MALWARE, CUSTOM_CATEGORY_ADVERTISEMENT, CUSTOM_CATEGORY_BANNED_SITE
+* Implemented hash-based categories
+* Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection
+
+------------------------------------------------------------------------
+
 #### nDPI 2.2.2 (April 2018)
 
 ## Main New Features
@@ -95,7 +209,7 @@
 * Ubiquity AirControl 2
 * HEP (Extensible Encapsulation Protocol)
 * WhatsApp Voice vs WhatsApp (chat, no voice)
-* Viber	
+* Viber
 * Wechat
 * Github
 * Hotmail
@@ -124,7 +238,7 @@
 * Improved HTTP subprotocol matching
 * Implemented DHCP host name extraction
 * Updated Facebook detection by ip server ranges
-* Updated Twitter networks	  
+* Updated Twitter networks
 * Improved Microsoft detection
 * Enhanced Google detection
 * Improved BT-uTP protocol dissection
diff --git a/Makefile.am b/Makefile.am
index 17c674812..37f084916 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,8 +1,7 @@
 ACLOCAL_AMFLAGS = -I m4
-
 SUBDIRS = src/lib example tests
 
-pkgconfigdir = $(libdir)/pkgconfig
+pkgconfigdir = $(prefix)/libdata/pkgconfig
 pkgconfig_DATA = libndpi.pc
 
-EXTRA_DIST = libndpi.sym autogen.sh
+EXTRA_DIST = autogen.sh
diff --git a/README.md b/README.md
index 5aff79ae9..2b062c1a8 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@
 # nDPI
 
 [![Build Status](https://travis-ci.org/ntop/nDPI.png?branch=dev)](https://travis-ci.org/ntop/nDPI)
+[![Code Quality: Cpp](https://img.shields.io/lgtm/grade/cpp/g/ntop/nDPI.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/ntop/nDPI/context:cpp)
+[![Total Alerts](https://img.shields.io/lgtm/alerts/g/ntop/nDPI.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/ntop/nDPI/alerts)
 
 ## What is nDPI ?
 
@@ -34,15 +36,13 @@ The entire procedure of adding new protocols in detail:
 5. Choose (do not change anything) a selection bitmask from: src/include/ndpi_define.h
 6. Add a new entry in ndpi_set_protocol_detection_bitmask2 in: src/lib/ndpi_main.c
 7. Set protocol default ports in ndpi_init_protocol_defaults in: src/lib/ndpi_main.c
-8. Add the new protocol file to: src/lib/Makefile.am
-9.  ./autogen.sh
-10. ./configure
-11. make
-12. make check
+8.  ./autogen.sh
+9. make
+10. make check
 
 ### How to use nDPI to Block Selected Traffic
 
-You can use nDPI to selectively block selected Internet traffic by embedding it onto an application (remember that nDPI us just a library). Both [ntopng](https://github.com/ntop/ntopng) and [nProbe cento](http://www.ntop.org/products/netflow/nprobe-cento/) can do this.
+You can use nDPI to selectively block selected Internet traffic by embedding it onto an application (remember that nDPI is just a library). Both [ntopng](https://github.com/ntop/ntopng) and [nProbe cento](http://www.ntop.org/products/netflow/nprobe-cento/) can do this.
 
 ### DISCLAIMER
 While we do our best to detect network protocols, we cannot guarantee that our software is error free and 100% accurate in protocol detection. Please make sure that you respect the privacy of users and you have proper authorization to listen, capture and inspect network traffic.
diff --git a/autogen.sh b/autogen.sh
index fecb6b1f8..20bf400ab 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -1,11 +1,11 @@
 #!/bin/sh
 
 NDPI_MAJOR="2"
-NDPI_MINOR="3"
+NDPI_MINOR="5"
 NDPI_PATCH="0"
 NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH"
 
-rm -f configure config.h config.h.in src/lib/Makefile.in
+rm -f configure config.h config.h.in
 
 AUTOCONF=$(command -v autoconf)
 AUTOMAKE=$(command -v automake)
diff --git a/configure.seed b/configure.seed
index 9813f54c0..1aa68f17c 100644
--- a/configure.seed
+++ b/configure.seed
@@ -10,6 +10,7 @@ AC_PROG_CC
 AM_PROG_CC_C_O
 AX_PTHREAD
 
+NDPI_VERSION_SHORT="@NDPI_VERSION_SHORT@"
 NDPI_MAJOR="@NDPI_MAJOR@"
 NDPI_MINOR="@NDPI_MINOR@"
 NDPI_PATCH="@NDPI_PATCH@"
@@ -39,6 +40,14 @@ AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h])
 
 PCAP_HOME=$HOME/PF_RING/userland
 
+DPDK_TARGET=
+if test -d $HOME/DPDK; then :
+     echo "Enabling DPDK support in ndpiReader"
+     DPDK_TARGET=dpdk
+else
+    echo  "DPDK support disabled (missing $HOME/DPDK)"
+fi
+
 if test -d $PCAP_HOME; then :
      echo -n ""
 else
@@ -51,19 +60,38 @@ else
      AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"])
 fi
 
-
+MACHINE=`uname -m`
+SYSTEM=`uname -s`
+if test $SYSTEM = "Darwin"; then
+ CC=clang
+fi
+ 
+if test $ax_cv_PTHREAD_CLANG = "yes"; then
+ CC=clang
+fi
+ 
 HS_LIB=
 HS_INC=
-BKP=$LIBS
-LIBS="$LIBS -lstdc++ -lm"
-AC_CHECK_LIB([hs], [hs_compile_multi], AC_DEFINE_UNQUOTED(HAVE_HYPERSCAN, 1, [Intel Hyperscan is present]))
-LIBS=$BKP
-
-if test "x$ac_cv_lib_hs_hs_compile_multi" = xyes; then :
-AC_CHECK_LIB([m], [pow])
-AC_CHECK_LIB([stdc++], [main])
-HS_INC=`pkg-config --cflags libhs`
-HS_LIB=`pkg-config --libs libhs`
+
+AC_ARG_WITH(hyperscan,          [  --with-hyperscan        Enable nDPI build with Intel Hyperscan])
+
+if test "${with_hyperscan+set}" = set; then
+     BKP=$LIBS
+     LIBS="$LIBS -lstdc++ -lm"
+     AC_CHECK_LIB([hs], [hs_compile_multi], AC_DEFINE_UNQUOTED(HAVE_HYPERSCAN, 1, [Intel Hyperscan is present]))
+     LIBS=$BKP
+
+     if test "x$ac_cv_lib_hs_hs_compile_multi" = xyes; then :
+          AC_CHECK_LIB([m], [pow])
+          AC_CHECK_LIB([stdc++], [main])
+          HS_INC=`pkg-config --cflags libhs`
+          HS_LIB=`pkg-config --libs libhs`
+          LDFLAGS="$LDFLAGS $HS_LIB"
+	  AC_MSG_RESULT([compiling with Intel Hyperscan])
+     else
+          AC_MSG_RESULT([Intel Hyperscan not found, exiting. See https://github.com/intel/hyperscan/blob/master/doc/dev-reference/getting_started.rst for install/build instructions])
+          exit 1
+     fi
 fi
 
 if test -f $PCAP_HOME/libpcap/libpcap.a; then :
@@ -119,12 +147,13 @@ AC_ARG_ENABLE([debug-messages],
 
 AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np]))
 
-AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h])
+AC_CONFIG_FILES([Makefile example/Makefile example/Makefile.dpdk tests/Makefile libndpi.pc src/include/ndpi_define.h src/lib/Makefile])
 AC_CONFIG_HEADERS(src/include/ndpi_config.h)
 AC_SUBST(GIT_RELEASE)
 AC_SUBST(NDPI_MAJOR)
 AC_SUBST(NDPI_MINOR)
 AC_SUBST(NDPI_PATCH)
+AC_SUBST(NDPI_VERSION_SHORT)
 AC_SUBST(SVN_DATE)
 AC_SUBST(JSON_C_LIB)
 AC_SUBST(PCAP_INC)
@@ -132,6 +161,7 @@ AC_SUBST(PCAP_LIB)
 AC_SUBST(DL_LIB)
 AC_SUBST(HS_LIB)
 AC_SUBST(HS_INC)
+AC_SUBST(DPDK_TARGET)
 AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP)
 
 AC_OUTPUT
diff --git a/example/Makefile.am b/example/Makefile.am
deleted file mode 100644
index 9eedc21d8..000000000
--- a/example/Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
-bin_PROGRAMS = ndpiReader
-
-AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ @HS_INC@
-AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage
-
-LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ @HS_LIB@ -lm
-AM_LDFLAGS = -static @DL_LIB@ @HS_LIB@
-
-ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h uthash.h
-
-ndpiReader.o: ndpiReader.c
-
diff --git a/example/Makefile.dpdk.in b/example/Makefile.dpdk.in
new file mode 100644
index 000000000..d96975483
--- /dev/null
+++ b/example/Makefile.dpdk.in
@@ -0,0 +1,27 @@
+#
+# Run 'make -f Makefile.dpdk' to compile the DPDK examples
+#
+# See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup
+#
+ifeq ($(RTE_SDK),)
+#$(error "Please define RTE_SDK environment variable")
+RTE_SDK = $(HOME)/DPDK
+RTE_TARGET = build
+endif
+
+# Default target, can be overridden by command line or environment
+RTE_TARGET ?= x86_64-native-linuxapp-gcc
+
+include $(RTE_SDK)/mk/rte.vars.mk
+
+APP = ndpiReader.dpdk
+LIBNDPI = $(PWD)/../src/lib/libndpi.a
+
+SRCS-y := ndpi_util.c ndpiReader.c
+
+CFLAGS += -g
+CFLAGS += -Wno-strict-prototypes -Wno-missing-prototypes -Wno-missing-declarations -Wno-unused-parameter -I $(PWD)/../src/include @CFLAGS@ -DUSE_DPDK
+LDLIBS = $(LIBNDPI) @PCAP_LIB@ -lpthread @LDFLAGS@
+
+include $(RTE_SDK)/mk/rte.extapp.mk
+
diff --git a/example/Makefile.in b/example/Makefile.in
new file mode 100644
index 000000000..bf218f503
--- /dev/null
+++ b/example/Makefile.in
@@ -0,0 +1,33 @@
+CC=@CC@
+CFLAGS=-g -I../src/include @CFLAGS@
+LIBNDPI=../src/lib/libndpi.a
+LDFLAGS=$(LIBNDPI) @PCAP_LIB@ -lpthread @LDFLAGS@
+OBJS=ndpiReader.o ndpi_util.o
+PREFIX?=/usr/local
+
+all: ndpiReader @DPDK_TARGET@
+
+ndpiReader: $(OBJS) $(LIBNDPI)
+	$(CXX) $(CFLAGS) $(OBJS) -o $@ $(LDFLAGS)
+
+%.o: %.c $(HEADERS) Makefile
+	$(CC) $(CFLAGS) -c $< -o $@
+
+install:
+	mkdir -p $(DESTDIR)$(PREFIX)/bin/
+	cp ndpiReader $(DESTDIR)$(PREFIX)/bin/
+	[ -f build/app/ndpiReader.dpdk ] && cp build/app/ndpiReader.dpdk $(DESTDIR)$(PREFIX)/bin/ || true
+	[ -f ndpiReader.dpdk ] && cp ndpiReader.dpdk $(DESTDIR)$(PREFIX)/bin/ || true
+
+dpdk:
+	make -f Makefile.dpdk
+
+clean:
+	/bin/rm -f *.o ndpiReader ndpiReader.dpdk
+	/bin/rm -f .*.dpdk.cmd .*.o.cmd *.dpdk.map .*.o.d
+	/bin/rm -f _install _postbuild _postinstall _preinstall
+	/bin/rm -rf build
+
+distclean: clean
+	/bin/rm -f Makefile.dpdk
+	/bin/rm -f Makefile
diff --git a/example/README.DPDK b/example/README.DPDK
new file mode 100644
index 000000000..472597c3f
--- /dev/null
+++ b/example/README.DPDK
@@ -0,0 +1,31 @@
+Prerequisites
+-------------
+
+You need to install and compile DPDK in your HOME directory as explained in
+See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup
+
+Once DPDK is built make sure to create a symbolic link
+
+$ cd
+$ ln -s dpdk-18.08 DPDK
+
+so the build process will use the DPDK directory letting you have multiple
+DPDK versions available on your system
+
+
+Build
+-----
+Everything will happen automagically but if you want to do it by hand
+do: make -f Makefile.dpdk
+
+
+Run Application
+---------------
+Supposing to capture packets from device eno1 you can start the
+application as follows:
+
+sudo ./build/ndpiReader -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1
+
+NOTE:
+- ndpiReader without DPDK support sits in this directory
+- ndpiReader with DPDK support can be found inside the ./build directory
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 5a8f91139..6c3dfeee8 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -81,7 +81,8 @@ static json_object *jArray_topStats;
 static u_int8_t live_capture = 0;
 static u_int8_t undetected_flows_deleted = 0;
 /** User preferences **/
-static u_int8_t enable_protocol_guess = 1, verbose = 0, json_flag = 0;
+u_int8_t enable_protocol_guess = 1;
+static u_int8_t verbose = 0, json_flag = 0;
 int nDPI_LogLevel = 0;
 char *_debug_protocols = NULL;
 static u_int8_t stats_flag = 0, bpf_filter_flag = 0;
@@ -93,11 +94,11 @@ static u_int16_t decode_tunnels = 0;
 static u_int16_t num_loops = 1;
 static u_int8_t shutdown_app = 0, quiet_mode = 0;
 static u_int8_t num_threads = 1;
-static struct timeval begin, end;
+static struct timeval startup_time, begin, end;
 #ifdef linux
 static int core_affinity[MAX_NUM_READER_THREADS];
 #endif
-static struct timeval pcap_start, pcap_end;
+static struct timeval pcap_start = { 0, 0}, pcap_end = { 0, 0 };
 /** Detection parameters **/
 static time_t capture_for = 0;
 static time_t capture_until = 0;
@@ -111,7 +112,6 @@ struct flow_info {
 
 static struct flow_info *all_flows;
 
-
 struct info_pair {
   u_int32_t addr;
   u_int8_t version; /* IP version */
@@ -135,16 +135,15 @@ struct port_stats {
   u_int32_t cumulative_addr; /*cumulative some of IP addresses */
   addr_node *addr_tree; /* tree of distinct IP addresses */
   struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS];
-  u_int8_t hasTopHost; /* as boolean flag*/
-  u_int32_t top_host; /*host that is contributed to > 95% of traffic*/
-  u_int8_t version; /* top host's ip version */
-  char proto[16]; /*application level protocol of top host */
-  UT_hash_handle hh; /* makes this structure hashable */
+  u_int8_t hasTopHost; /* as boolean flag */
+  u_int32_t top_host;  /* host that is contributed to > 95% of traffic */
+  u_int8_t version;    /* top host's ip version */
+  char proto[16];      /* application level protocol of top host */
+  UT_hash_handle hh;   /* makes this structure hashable */
 };
 
 struct port_stats *srcStats = NULL, *dstStats = NULL;
 
-
 // struct to hold count of flows received by destination ports
 struct port_flow_info {
   u_int32_t port; /* key */
@@ -206,7 +205,9 @@ typedef struct ndpi_id {
 
 // used memory counters
 u_int32_t current_ndpi_memory = 0, max_ndpi_memory = 0;
-
+#ifdef USE_DPDK
+static int dpdk_port_id = 0, dpdk_run_capture = 1;
+#endif
 
 void test_lib(); /* Forward */
 
@@ -229,7 +230,11 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle);
 static void help(u_int long_help) {
   printf("Welcome to nDPI %s\n\n", ndpi_revision());
 
-  printf("ndpiReader -i <file|device> [-f <filter>][-s <duration>][-m <duration>]\n"
+  printf("ndpiReader "
+#ifndef USE_DPDK
+	 "-i <file|device> "
+#endif
+	 "[-f <filter>][-s <duration>][-m <duration>]\n"
 	 "          [-p <protos>][-l <loops> [-q][-d][-h][-t][-v <level>]\n"
 	 "          [-n <threads>][-w <file>][-c <file>][-j <file>][-x <file>]\n\n"
 	 "Usage:\n"
@@ -349,6 +354,8 @@ struct ndpi_proto_sorter {
   char name[16];
 };
 
+/* ********************************** */
+
 int cmpProto(const void *_a, const void *_b) {
   struct ndpi_proto_sorter *a = (struct ndpi_proto_sorter*)_a;
   struct ndpi_proto_sorter *b = (struct ndpi_proto_sorter*)_b;
@@ -356,6 +363,8 @@ int cmpProto(const void *_a, const void *_b) {
   return(strcmp(a->name, b->name));
 }
 
+/* ********************************** */
+
 int cmpFlows(const void *_a, const void *_b) {
   struct ndpi_flow_info *fa = ((struct flow_info*)_a)->flow;
   struct ndpi_flow_info *fb = ((struct flow_info*)_b)->flow;
@@ -375,12 +384,14 @@ int cmpFlows(const void *_a, const void *_b) {
   return(0);
 }
 
+/* ********************************** */
+
 void extcap_config() {
   int i, argidx = 0;
   struct ndpi_proto_sorter *protos;
   u_int ndpi_num_supported_protocols = ndpi_get_ndpi_num_supported_protocols(ndpi_info_mod);
   ndpi_proto_defaults_t *proto_defaults = ndpi_get_proto_defaults(ndpi_info_mod);
-  
+
   /* -i <interface> */
   printf("arg {number=%d}{call=-i}{display=Capture Interface}{type=string}"
 	 "{tooltip=The interface name}\n", argidx++);
@@ -453,7 +464,18 @@ static void parseOptions(int argc, char **argv) {
   if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__);
 #endif
 
-  while ((opt = getopt_long(argc, argv, "c:df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:x:", longopts, &option_idx)) != EOF) {
+#ifdef USE_DPDK
+  {
+    int ret = rte_eal_init(argc, argv);
+
+    if(ret < 0)
+      rte_exit(EXIT_FAILURE, "Error with EAL initialization\n");
+
+    argc -= ret, argv += ret;
+  }
+#endif
+
+  while((opt = getopt_long(argc, argv, "c:df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:x:", longopts, &option_idx)) != EOF) {
 #ifdef DEBUG_TRACE
     if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : "");
 #endif
@@ -547,7 +569,7 @@ static void parseOptions(int argc, char **argv) {
 
     case 'j':
 #ifndef HAVE_JSON_C
-      printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n");
+      printf("WARNING: this copy of ndpiReader has been compiled without json-c: JSON export disabled\n");
 #else
       _jsonFilePath = optarg;
       json_flag = 1;
@@ -599,9 +621,9 @@ static void parseOptions(int argc, char **argv) {
 
     case '9':
       extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg);
-      if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg);
+      if(extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg);
       break;
-    
+
     case 257:
       _debug_protocols = strdup(optarg);
       break;
@@ -612,6 +634,7 @@ static void parseOptions(int argc, char **argv) {
     }
   }
 
+#ifndef USE_DPDK
   if(!bpf_filter_flag) {
     if(do_capture) {
       quiet_mode = 1;
@@ -626,7 +649,7 @@ static void parseOptions(int argc, char **argv) {
     if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */
       num_threads = 0;               /* setting number of threads = number of interfaces */
       __pcap_file = strtok(_pcap_file[0], ",");
-      while (__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) {
+      while(__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) {
         _pcap_file[num_threads++] = __pcap_file;
         __pcap_file = strtok(NULL, ",");
       }
@@ -643,25 +666,26 @@ static void parseOptions(int argc, char **argv) {
     if(num_cores > 1 && bind_mask != NULL) {
       char *core_id = strtok(bind_mask, ":");
       thread_id = 0;
-      while (core_id != NULL && thread_id < num_threads) {
+      while(core_id != NULL && thread_id < num_threads) {
         core_affinity[thread_id++] = atoi(core_id) % num_cores;
         core_id = strtok(NULL, ":");
       }
     }
 #endif
   }
+#endif
 
 #ifdef DEBUG_TRACE
   if(trace) fclose(trace);
 #endif
 }
 
+/* ********************************** */
 
 /**
  * @brief From IPPROTO to string NAME
  */
 static char* ipProto2Name(u_int16_t proto_id) {
-
   static char proto[8];
 
   switch(proto_id) {
@@ -689,12 +713,12 @@ static char* ipProto2Name(u_int16_t proto_id) {
   return(proto);
 }
 
+/* ********************************** */
 
 /**
  * @brief A faster replacement for inet_ntoa().
  */
 char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) {
-
   char *cp, *retStr;
   uint byte;
   int n;
@@ -715,7 +739,7 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) {
     }
     *--cp = '.';
     addr >>= 8;
-  } while (--n > 0);
+  } while(--n > 0);
 
   /* Convert the string to lowercase */
   retStr = (char*)(cp+1);
@@ -723,6 +747,8 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) {
   return(retStr);
 }
 
+/* ********************************** */
+
 /**
  * @brief Print the flow
  */
@@ -761,10 +787,12 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
       fprintf(out, "[proto: %u/%s]",
 	      flow->detected_protocol.app_protocol,
 	      ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol));
-    
+
     if(flow->detected_protocol.category != 0)
-      fprintf(out, "[cat: %s]", ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
-						       flow->detected_protocol.category));      
+      fprintf(out, "[cat: %s/%u]",
+	      ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
+				     flow->detected_protocol.category),
+	      (unsigned int)flow->detected_protocol.category);
 
     fprintf(out, "[%u pkts/%llu bytes ", flow->src2dst_packets, (long long unsigned int) flow->src2dst_bytes);
     fprintf(out, "%s %u pkts/%llu bytes]",
@@ -790,16 +818,20 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
     json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->dst_port)));
 
     if(flow->detected_protocol.master_protocol)
-      json_object_object_add(jObj,"detected.master_protocol",json_object_new_int(flow->detected_protocol.master_protocol));
+      json_object_object_add(jObj,"detected.master_protocol",
+			     json_object_new_int(flow->detected_protocol.master_protocol));
 
-    json_object_object_add(jObj,"detected.app_protocol",json_object_new_int(flow->detected_protocol.app_protocol));
+    json_object_object_add(jObj,"detected.app_protocol",
+			   json_object_new_int(flow->detected_protocol.app_protocol));
 
     if(flow->detected_protocol.master_protocol) {
       char tmp[256];
 
       snprintf(tmp, sizeof(tmp), "%s.%s",
-	       ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.master_protocol),
-	       ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol));
+	       ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
+				   flow->detected_protocol.master_protocol),
+	       ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
+				   flow->detected_protocol.app_protocol));
 
       json_object_object_add(jObj,"detected.protocol.name",
 			     json_object_new_string(tmp));
@@ -834,12 +866,13 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
   }
 }
 
+/* ********************************** */
 
 /**
  * @brief Unknown Proto Walker
  */
-static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) {
-
+static void node_print_unknown_proto_walker(const void *node,
+					    ndpi_VISIT which, int depth, void *user_data) {
   struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node;
   u_int16_t thread_id = *((u_int16_t*)user_data);
 
@@ -852,11 +885,13 @@ static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which,
   }
 }
 
+/* ********************************** */
+
 /**
  * @brief Known Proto Walker
  */
-static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) {
-
+static void node_print_known_proto_walker(const void *node,
+					  ndpi_VISIT which, int depth, void *user_data) {
   struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node;
   u_int16_t thread_id = *((u_int16_t*)user_data);
 
@@ -869,25 +904,7 @@ static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, in
   }
 }
 
-
-/**
- * @brief Guess Undetected Protocol
- */
-static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi_flow_info *flow) {
-
-  flow->detected_protocol = ndpi_guess_undetected_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct,
-							   flow->protocol,
-							   ntohl(flow->src_ip),
-							   ntohs(flow->src_port),
-							   ntohl(flow->dst_ip),
-							   ntohs(flow->dst_port));
-  // printf("Guess state: %u\n", flow->detected_protocol);
-  if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN)
-    ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols++;
-
-  return(flow->detected_protocol.app_protocol);
-}
-
+/* ********************************** */
 
 /**
  * @brief Proto Guess Walker
@@ -898,15 +915,10 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept
 
   if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */
     if((!flow->detection_completed) && flow->ndpi_flow)
-      flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow);
-
-    if(enable_protocol_guess) {
-      if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) {
-	node_guess_undetected_protocol(thread_id, flow);
-      }
-    }
+      flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow, enable_protocol_guess);
 
     process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow);
+
     ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol]       += flow->src2dst_packets + flow->dst2src_packets;
     ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->src2dst_bytes + flow->dst2src_bytes;
     ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++;
@@ -967,7 +979,7 @@ int updateIpTree(u_int32_t key, u_int8_t version,
   if(rootp == (addr_node **)0)
     return 0;
 
-  while (*rootp != (addr_node *)0) {
+  while(*rootp != (addr_node *)0) {
     /* Knuth's T1: */
     if((version == (*rootp)->version) && (key == (*rootp)->addr)) {
       /* T2: */
@@ -997,7 +1009,7 @@ int updateIpTree(u_int32_t key, u_int8_t version,
 /* *********************************************** */
 
 void freeIpTree(addr_node *root) {
-  if (root == NULL)
+  if(root == NULL)
     return;
 
   freeIpTree(root->left);
@@ -1192,9 +1204,9 @@ static void deleteReceivers(struct receiver *receivers) {
 /* *********************************************** */
 /* implementation of: https://jeroen.massar.ch/presentations/files/FloCon2010-TopK.pdf
  *
- * if (table1.size < max1 || acceptable){
+ * if(table1.size < max1 || acceptable){
  *    create new element and add to the table1
- *    if (table1.size > max2) {
+ *    if(table1.size > max2) {
  *      cut table1 back to max1
  *      merge table 1 to table2
  *      if(table2.size > max1)
@@ -1352,7 +1364,6 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi
  * @brief Idle Scan Walker
  */
 static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) {
-
   struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node;
   u_int16_t thread_id = *((u_int16_t *) user_data);
 
@@ -1379,24 +1390,12 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth,
 
 
 /**
- * @brief On Protocol Discover - call node_guess_undetected_protocol() for protocol
+ * @brief On Protocol Discover - demo callback
  */
 static void on_protocol_discovered(struct ndpi_workflow * workflow,
 				   struct ndpi_flow_info * flow,
 				   void * udata) {
-
-  const u_int16_t thread_id = (uintptr_t) udata;
-
-  if(verbose > 1) {
-    if(enable_protocol_guess) {
-      if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) {
-        flow->detected_protocol.app_protocol = node_guess_undetected_protocol(thread_id, flow),
-	  flow->detected_protocol.master_protocol = NDPI_PROTOCOL_UNKNOWN;
-      }
-    }
-
-    // printFlow(thread_id, flow);
-  }
+  ;
 }
 
 #if 0
@@ -1444,7 +1443,6 @@ static void debug_printf(u_int32_t protocol, void *id_struct,
  * @brief Setup for detection begin
  */
 static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
-
   NDPI_PROTOCOL_BITMASK all;
   struct ndpi_workflow_prefs prefs;
 
@@ -1463,19 +1461,23 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
   ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct,
 				 ndpi_pref_dns_dissect_response, 0);
   ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct,
-				 ndpi_pref_enable_category_substring_match, 0);
+				 ndpi_pref_enable_category_substring_match, 1);
 
   ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow,
-					   on_protocol_discovered, (void *)(uintptr_t)thread_id);
+					   on_protocol_discovered,
+					   (void *)(uintptr_t)thread_id);
 
   // enable all protocols
   NDPI_BITMASK_SET_ALL(all);
   ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &all);
 
   // clear memory for results
-  memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter));
-  memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes));
-  memset(ndpi_thread_info[thread_id].workflow->stats.protocol_flows, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_flows));
+  memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter, 0,
+	 sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter));
+  memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes, 0,
+	 sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes));
+  memset(ndpi_thread_info[thread_id].workflow->stats.protocol_flows, 0,
+	 sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_flows));
 
   if(_protoFilePath != NULL)
     ndpi_load_protocols_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _protoFilePath);
@@ -1487,10 +1489,10 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
       while(fd) {
 	char buffer[512], *line, *name, *category;
 	int i;
-	
+
 	if(!(line = fgets(buffer, sizeof(buffer), fd)))
 	  break;
-	
+
 	if(((i = strlen(line)) <= 1) || (line[0] == '#'))
 	  continue;
 	else
@@ -1501,9 +1503,16 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
 	  category = strtok(NULL, "\t");
 
 	  if(category) {
+	    int fields[4];
+
 	    // printf("Loading %s\t%s\n", name, category);
-	    ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct,
-					name, (ndpi_protocol_category_t)atoi(category));
+
+	    if(sscanf(name, "%d.%d.%d.%d", &fields[0], &fields[1], &fields[2], &fields[3]) == 4)
+	      ndpi_load_ip_category(ndpi_thread_info[thread_id].workflow->ndpi_struct,
+				    name, (ndpi_protocol_category_t)atoi(category));
+	    else
+	      ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct,
+					  name, (ndpi_protocol_category_t)atoi(category));
 	  }
 	}
       }
@@ -1599,7 +1608,9 @@ static void json_open_stats_file() {
 
 static void json_close_stats_file() {
   json_object *jObjFinal = json_object_new_object();
-  json_object_object_add(jObjFinal,"duration.in.seconds",json_object_new_int(pcap_analysis_duration));
+
+  json_object_object_add(jObjFinal,"duration.in.seconds",
+			 json_object_new_int(pcap_analysis_duration));
   json_object_object_add(jObjFinal,"statistics", jArray_topStats);
   fprintf(stats_fp,"%s\n",json_object_to_json_string(jObjFinal));
   fclose(stats_fp);
@@ -1879,7 +1890,7 @@ void printPortStats(struct port_stats *stats) {
 /**
  * @brief Print result
  */
-static void printResults(u_int64_t tot_usec) {
+static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_usec) {
   u_int32_t i;
   u_int64_t total_flow_bytes = 0;
   u_int32_t avg_pkt_size = 0;
@@ -1888,6 +1899,7 @@ static void printResults(u_int64_t tot_usec) {
   char buf[32];
 #ifdef HAVE_JSON_C
   FILE *json_fp = NULL;
+  u_int8_t dont_close_json_fp = 0;
   json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj;
 #endif
   long long unsigned int breed_stats[NUM_BREEDS] = { 0 };
@@ -1900,8 +1912,10 @@ static void printResults(u_int64_t tot_usec) {
       continue;
 
     for(i=0; i<NUM_ROOTS; i++) {
-      ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], node_proto_guess_walker, &thread_id);
-      if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id);
+      ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i],
+		 node_proto_guess_walker, &thread_id);
+      if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i],
+						port_stats_walker, &thread_id);
     }
 
     /* Stats aggregation */
@@ -1939,7 +1953,9 @@ static void printResults(u_int64_t tot_usec) {
     printf("\tFlow Memory (per flow):  %-13s\n", formatBytes(sizeof(struct ndpi_flow_struct), buf, sizeof(buf)));
     printf("\tActual Memory:           %-13s\n", formatBytes(current_ndpi_memory, buf, sizeof(buf)));
     printf("\tPeak Memory:             %-13s\n", formatBytes(max_ndpi_memory, buf, sizeof(buf)));
-
+    printf("\tSetup Time:              %lu msec\n", (unsigned long)(setup_time_usec/1000));
+    printf("\tPacket Processing Time:  %lu msec\n", (unsigned long)(processing_time_usec/1000));
+    
     if(!json_flag) {
       printf("\nTraffic statistics:\n");
       printf("\tEthernet bytes:        %-13llu (includes ethernet CRC/IFC/trailer)\n",
@@ -1970,13 +1986,15 @@ static void printResults(u_int64_t tot_usec) {
       printf("\tPacket Len 1024-1500:  %-13lu\n", (unsigned long)cumulative_stats.packet_len[4]);
       printf("\tPacket Len > 1500:     %-13lu\n", (unsigned long)cumulative_stats.packet_len[5]);
 
-      if(tot_usec > 0) {
+      if(processing_time_usec > 0) {
 	char buf[32], buf1[32], when[64];
-	float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec;
-	float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec;
+	float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)processing_time_usec;
+	float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)processing_time_usec;
 	float traffic_duration;
-	if(live_capture) traffic_duration = tot_usec;
+	
+	if(live_capture) traffic_duration = processing_time_usec;
 	else traffic_duration = (pcap_end.tv_sec*1000000 + pcap_end.tv_usec) - (pcap_start.tv_sec*1000000 + pcap_start.tv_usec);
+	
 	printf("\tnDPI throughput:       %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1));
 	t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration;
 	b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)traffic_duration;
@@ -1986,7 +2004,7 @@ static void printResults(u_int64_t tot_usec) {
 	strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_end.tv_sec));
 	printf("\tAnalysis end:          %s\n", when);
 	printf("\tTraffic throughput:    %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1));
-	printf("\tTraffic duration:      %.3f sec\n", traffic_duration/1000000);
+	printf("\tTraffic duration:      %.3f sec\n", traffic_duration/1000000);	
       }
 
       if(enable_protocol_guess)
@@ -1996,10 +2014,14 @@ static void printResults(u_int64_t tot_usec) {
 
   if(json_flag) {
 #ifdef HAVE_JSON_C
-    if((json_fp = fopen(_jsonFilePath,"w")) == NULL) {
+    if(!strcmp(_jsonFilePath, "-"))
+      json_fp = stderr, dont_close_json_fp = 1;
+    else if((json_fp = fopen(_jsonFilePath,"w")) == NULL) {
       printf("Error creating .json file %s\n", _jsonFilePath);
       json_flag = 0;
-    } else {
+    }
+
+    if(json_flag) {
       jObj_main = json_object_new_object();
       jObj_trafficStats = json_object_new_object();
       jArray_detProto = json_object_new_array();
@@ -2150,7 +2172,7 @@ static void printResults(u_int64_t tot_usec) {
       json_object_object_add(jObj_main,"unknown.flows",jArray_unknown_flows);
 
     fprintf(json_fp,"%s\n",json_object_to_json_string(jObj_main));
-    fclose(json_fp);
+    if(!dont_close_json_fp) fclose(json_fp);
 #endif
   }
 
@@ -2231,9 +2253,13 @@ free_stats:
  * @brief Force a pcap_dispatch() or pcap_loop() call to return
  */
 static void breakPcapLoop(u_int16_t thread_id) {
+#ifdef USE_DPDK
+  dpdk_run_capture = 0;
+#else
   if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) {
     pcap_breakloop(ndpi_thread_info[thread_id].workflow->pcap_handle);
   }
+#endif
 }
 
 /**
@@ -2300,15 +2326,26 @@ static void configurePcapHandle(pcap_t * pcap_handle) {
  * @brief Open a pcap file or a specified device - Always returns a valid pcap_t
  */
 static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_file) {
-
   u_int snaplen = 1536;
   int promisc = 1;
   char pcap_error_buffer[PCAP_ERRBUF_SIZE];
   pcap_t * pcap_handle = NULL;
 
   /* trying to open a live interface */
-  if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, promisc,
-				   500, pcap_error_buffer)) == NULL) {
+#ifdef USE_DPDK
+  struct rte_mempool *mbuf_pool = rte_pktmbuf_pool_create("MBUF_POOL", NUM_MBUFS,
+							  MBUF_CACHE_SIZE, 0,
+							  RTE_MBUF_DEFAULT_BUF_SIZE,
+							  rte_socket_id());
+
+  if(mbuf_pool == NULL)
+    rte_exit(EXIT_FAILURE, "Cannot create mbuf pool: are hugepages ok?\n");
+
+  if(dpdk_port_init(dpdk_port_id, mbuf_pool) != 0)
+    rte_exit(EXIT_FAILURE, "DPDK: Cannot init port %u: please see README.dpdk\n", dpdk_port_id);
+#else
+  if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen,
+				   promisc, 500, pcap_error_buffer)) == NULL) {
     capture_for = capture_until = 0;
 
     live_capture = 0;
@@ -2335,11 +2372,17 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi
   } else {
     live_capture = 1;
 
-    if((!json_flag) && (!quiet_mode))
+    if((!json_flag) && (!quiet_mode)) {
+#ifdef USE_DPDK
+      printf("Capturing from DPDK (port 0)...\n");
+#else
       printf("Capturing live traffic from device %s...\n", pcap_file);
+#endif
+    }
   }
 
   configurePcapHandle(pcap_handle);
+#endif /* !DPDK */
 
   if(capture_for > 0) {
     if((!json_flag) && (!quiet_mode))
@@ -2357,7 +2400,7 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi
 /**
  * @brief Check pcap packet
  */
-static void pcap_process_packet(u_char *args,
+static void ndpi_process_packet(u_char *args,
 				const struct pcap_pkthdr *header,
 				const u_char *packet) {
   struct ndpi_proto p;
@@ -2382,11 +2425,11 @@ static void pcap_process_packet(u_char *args,
   if(live_capture) {
     if(ndpi_thread_info[thread_id].last_idle_scan_time + IDLE_SCAN_PERIOD < ndpi_thread_info[thread_id].workflow->last_time) {
       /* scan for idle flows */
-      ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_idle_scan_walker, &thread_id);
+      ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx],
+		 node_idle_scan_walker, &thread_id);
 
       /* remove idle flows (unfortunately we cannot do this inline) */
-      while (ndpi_thread_info[thread_id].num_idle_flows > 0) {
-
+      while(ndpi_thread_info[thread_id].num_idle_flows > 0) {
 	/* search and delete the idle flow from the "ndpi_flow_root" (see struct reader thread) - here flows are the node of a b-tree */
 	ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows],
 		     &ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx],
@@ -2450,12 +2493,13 @@ static void pcap_process_packet(u_char *args,
 
   if((pcap_end.tv_sec-pcap_start.tv_sec) > pcap_analysis_duration) {
     int i;
-    u_int64_t tot_usec;
+    u_int64_t processing_time_usec, setup_time_usec;
 
     gettimeofday(&end, NULL);
-    tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec);
-
-    printResults(tot_usec);
+    processing_time_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec);
+    setup_time_usec = begin.tv_sec*1000000 + begin.tv_usec - (startup_time.tv_sec*1000000 + startup_time.tv_usec);
+    
+    printResults(processing_time_usec, setup_time_usec);
 
     for(i=0; i<ndpi_thread_info[thread_id].workflow->prefs.num_roots; i++) {
       ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer);
@@ -2464,7 +2508,8 @@ static void pcap_process_packet(u_char *args,
       memset(&ndpi_thread_info[thread_id].workflow->stats, 0, sizeof(struct ndpi_stats));
     }
 
-    printf("\n-------------------------------------------\n\n");
+    if(!quiet_mode)
+      printf("\n-------------------------------------------\n\n");
 
     memcpy(&begin, &end, sizeof(begin));
     memcpy(&pcap_start, &pcap_end, sizeof(pcap_start));
@@ -2477,20 +2522,20 @@ static void pcap_process_packet(u_char *args,
  */
 static void runPcapLoop(u_int16_t thread_id) {
   if((!shutdown_app) && (ndpi_thread_info[thread_id].workflow->pcap_handle != NULL))
-    pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_process_packet, (u_char*)&thread_id);
+    pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &ndpi_process_packet, (u_char*)&thread_id);
 }
 
 /**
  * @brief Process a running thread
  */
 void * processing_thread(void *_thread_id) {
-
   long thread_id = (long) _thread_id;
   char pcap_error_buffer[PCAP_ERRBUF_SIZE];
 
 #if defined(linux) && defined(HAVE_PTHREAD_SETAFFINITY_NP)
   if(core_affinity[thread_id] >= 0) {
     cpu_set_t cpuset;
+    
     CPU_ZERO(&cpuset);
     CPU_SET(core_affinity[thread_id], &cpuset);
 
@@ -2503,6 +2548,33 @@ void * processing_thread(void *_thread_id) {
 #endif
     if((!json_flag) && (!quiet_mode)) printf("Running thread %ld...\n", thread_id);
 
+#ifdef USE_DPDK
+  while(dpdk_run_capture) {
+    struct rte_mbuf *bufs[BURST_SIZE];
+    u_int16_t num = rte_eth_rx_burst(dpdk_port_id, 0, bufs, BURST_SIZE);
+    u_int i;
+    
+    if(num == 0) {
+      usleep(1);
+      continue;
+    }
+
+    for(i = 0; i < PREFETCH_OFFSET && i < num; i++)
+      rte_prefetch0(rte_pktmbuf_mtod(bufs[i], void *));
+
+    for(i = 0; i < num; i++) {
+      char *data = rte_pktmbuf_mtod(bufs[i], char *);
+      int len = rte_pktmbuf_pkt_len(bufs[i]);
+      struct pcap_pkthdr h;
+
+      h.len = h.caplen = len;
+      gettimeofday(&h.ts, NULL);
+
+      ndpi_process_packet((u_char*)&thread_id, &h, (const u_char *)data);
+      rte_pktmbuf_free(bufs[i]);
+    }
+  }
+#else
 pcap_loop:
   runPcapLoop(thread_id);
 
@@ -2515,6 +2587,7 @@ pcap_loop:
       goto pcap_loop;
     }
   }
+#endif
 
   return NULL;
 }
@@ -2525,7 +2598,7 @@ pcap_loop:
  */
 void test_lib() {
   struct timeval end;
-  u_int64_t tot_usec;
+  u_int64_t processing_time_usec, setup_time_usec;
   long thread_id;
 
 #ifdef HAVE_JSON_C
@@ -2577,10 +2650,11 @@ void test_lib() {
   }
 
   gettimeofday(&end, NULL);
-  tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec);
+  processing_time_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec);
+  setup_time_usec = begin.tv_sec*1000000 + begin.tv_usec - (startup_time.tv_sec*1000000 + startup_time.tv_usec);
 
   /* Printing cumulative results */
-  printResults(tot_usec);
+  printResults(processing_time_usec, setup_time_usec);
 
   if(stats_flag) {
 #ifdef HAVE_JSON_C
@@ -2599,7 +2673,7 @@ void test_lib() {
 void automataUnitTest() {
   void *automa;
 
-  assert(automa = ndpi_init_automa());
+  assert((automa = ndpi_init_automa()));
   assert(ndpi_add_string_to_automa(automa, "hello") == 0);
   assert(ndpi_add_string_to_automa(automa, "world") == 0);
   ndpi_finalize_automa(automa);
@@ -3193,17 +3267,19 @@ int orginal_main(int argc, char **argv) {
 #else
   int main(int argc, char **argv) {
 #endif
-    int i;
-
+    int i;    
+    
     if(ndpi_get_api_version() != NDPI_API_VERSION) {
       printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n");
       return(-1);
     }
-  
+
     automataUnitTest();
 
+    gettimeofday(&startup_time, NULL);
     ndpi_info_mod = ndpi_init_detection_module();
-    if (ndpi_info_mod == NULL) return -1;
+	   
+    if(ndpi_info_mod == NULL) return -1;
 
     memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info));
 
diff --git a/example/ndpi_util.c b/example/ndpi_util.c
index 977a246ec..58dc896b1 100644
--- a/example/ndpi_util.c
+++ b/example/ndpi_util.c
@@ -74,6 +74,8 @@
 #include "ndpi_main.h"
 #include "ndpi_util.h"
 
+extern u_int8_t enable_protocol_guess;
+
 /* ***************************************************** */
 
 void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) {
@@ -219,7 +221,7 @@ void ndpi_flow_info_freer(void *node) {
 /* ***************************************************** */
 
 void ndpi_workflow_free(struct ndpi_workflow * workflow) {
-  int i;
+  u_int i;
 
   for(i=0; i<workflow->prefs.num_roots; i++)
     ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer);
@@ -232,8 +234,8 @@ void ndpi_workflow_free(struct ndpi_workflow * workflow) {
 /* ***************************************************** */
 
 int ndpi_workflow_node_cmp(const void *a, const void *b) {
-  struct ndpi_flow_info *fa = (struct ndpi_flow_info*)a;
-  struct ndpi_flow_info *fb = (struct ndpi_flow_info*)b;
+  const struct ndpi_flow_info *fa = (const struct ndpi_flow_info*)a;
+  const struct ndpi_flow_info *fb = (const struct ndpi_flow_info*)b;
 
   if(fa->hashval < fb->hashval) return(-1); else if(fa->hashval > fb->hashval) return(1);
 
@@ -307,7 +309,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
   u_int32_t idx, l4_offset, hashval;
   struct ndpi_flow_info flow;
   void *ret;
-  u_int8_t *l3, *l4;
+  const u_int8_t *l3, *l4;
 
   /*
     Note: to keep things simple (ndpiReader is just a demo app)
@@ -322,10 +324,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
       return NULL;
 
     l4_offset = iph->ihl * 4;
-    l3 = (u_int8_t*)iph;
+    l3 = (const u_int8_t*)iph;
   } else {
     l4_offset = sizeof(struct ndpi_ipv6hdr);
-    l3 = (u_int8_t*)iph6;
+    l3 = (const u_int8_t*)iph6;
   }
 
   if(l4_packet_len < 64)
@@ -345,7 +347,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
     workflow->stats.max_packet_len = l4_packet_len;
 
   *proto = iph->protocol;
-  l4 = ((u_int8_t *) l3 + l4_offset);
+  l4 = ((const u_int8_t *) l3 + l4_offset);
 
   if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) {
     u_int tcp_len;
@@ -355,7 +357,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
     *tcph = (struct ndpi_tcphdr *)l4;
     *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest);
     tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len);
-    *payload = &l4[tcp_len];
+    *payload = (u_int8_t*)&l4[tcp_len];
     *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff);
   } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) {
     // udp
@@ -363,8 +365,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
     workflow->stats.udp_count++;
     *udph = (struct ndpi_udphdr *)l4;
     *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest);
-    *payload = &l4[sizeof(struct ndpi_udphdr)];
-    *payload_len = ndpi_max(0, l4_packet_len-sizeof(struct ndpi_udphdr));
+    *payload = (u_int8_t*)&l4[sizeof(struct ndpi_udphdr)];
+    *payload_len = (l4_packet_len > sizeof(struct ndpi_udphdr)) ? l4_packet_len-sizeof(struct ndpi_udphdr) : 0;
   } else {
     // non tcp/udp protocols
     *sport = *dport = 0;
@@ -507,7 +509,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo
   iph.protocol = iph6->ip6_hdr.ip6_un1_nxt;
 
   if(iph.protocol == IPPROTO_DSTOPTS /* IPv6 destination option */) {
-    u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr);
+    const u_int8_t *options = (const u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr);
 
     iph.protocol = options[0];
   }
@@ -530,7 +532,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 
   /* BITTORRENT */
   if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) {
-    int i, j, n = 0;
+    u_int i, j, n = 0;
 
     for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) {
       sprintf(&flow->bittorent_hash[j], "%02x",
@@ -677,8 +679,9 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
       flow->check_extra_packets = 1;
 
     if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN)
-      flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct,
-						      flow->ndpi_flow);
+      flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow,
+						      enable_protocol_guess);
+    
     process_ndpi_collected_info(workflow, flow);
   }
 
@@ -751,8 +754,14 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow,
   workflow->last_time = time;
 
   /*** check Data Link type ***/
-  const int datalink_type = pcap_datalink(workflow->pcap_handle);
+  int datalink_type;
 
+#ifdef USE_DPDK
+  datalink_type = DLT_EN10MB;
+#else
+  datalink_type = (int)pcap_datalink(workflow->pcap_handle);
+#endif
+  
 datalink_check:
   switch(datalink_type) {
   case DLT_NULL:
@@ -1076,3 +1085,49 @@ u_int32_t ethernet_crc32(const void* data, size_t n_bytes) {
   __crc32(data, n_bytes, &crc);
   return crc;
 }
+
+/* *********************************************** */
+
+#ifdef USE_DPDK
+
+static const struct rte_eth_conf port_conf_default = {
+  .rxmode = { .max_rx_pkt_len = ETHER_MAX_LEN }
+};
+
+/* ************************************ */
+
+int dpdk_port_init(int port, struct rte_mempool *mbuf_pool) {
+  struct rte_eth_conf port_conf = port_conf_default;
+  const u_int16_t rx_rings = 1, tx_rings = 1;
+  int retval;
+  u_int16_t q;
+
+  /* 1 RX queue */
+  retval = rte_eth_dev_configure(port, rx_rings, tx_rings, &port_conf);
+
+  if(retval != 0)
+    return retval;
+
+  for (q = 0; q < rx_rings; q++) {
+    retval = rte_eth_rx_queue_setup(port, q, RX_RING_SIZE, rte_eth_dev_socket_id(port), NULL, mbuf_pool);
+    if(retval < 0)
+      return retval;
+  }
+
+  for (q = 0; q < tx_rings; q++) {
+    retval = rte_eth_tx_queue_setup(port, q, TX_RING_SIZE, rte_eth_dev_socket_id(port), NULL);
+    if(retval < 0)
+      return retval;
+  }
+
+  retval = rte_eth_dev_start(port);
+
+  if(retval < 0)
+    return retval;
+
+  rte_eth_promiscuous_enable(port);
+
+  return 0;
+}
+
+#endif
diff --git a/example/ndpi_util.h b/example/ndpi_util.h
index a6adb88c1..eb9ab8e65 100644
--- a/example/ndpi_util.h
+++ b/example/ndpi_util.h
@@ -1,7 +1,7 @@
 /*
  * ndpi_util.h
  *
- * Copyright (C) 2011-16 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -24,13 +24,31 @@
  * If you concern about performance or have to integrate nDPI in your
  * application, you could need to reimplement them yourself.
  *
- * WARNING: this API is unstable! Use it at your own risk!
+ * WARNING: this API is just a demo od nDPI usage: Use it at your own risk!
  */
 #ifndef __NDPI_UTIL_H__
 #define __NDPI_UTIL_H__
 
 #include <pcap.h>
 
+#ifdef USE_DPDK
+#include <rte_eal.h>
+#include <rte_ether.h>
+#include <rte_ethdev.h>
+#include <rte_cycles.h>
+#include <rte_lcore.h>
+#include <rte_mbuf.h>
+
+#define RX_RING_SIZE     128
+#define TX_RING_SIZE     512
+#define NUM_MBUFS       8191
+#define MBUF_CACHE_SIZE  250
+#define BURST_SIZE        32
+#define PREFETCH_OFFSET    3
+
+extern int dpdk_port_init(int port, struct rte_mempool *mbuf_pool);
+#endif
+
 #define MAX_NUM_READER_THREADS     16
 #define IDLE_SCAN_PERIOD           10 /* msec (use TICK_RESOLUTION = 1000) */
 #define MAX_IDLE_TIME           30000
@@ -79,7 +97,7 @@ typedef struct ndpi_flow_info {
   char bittorent_hash[41];
   
   struct {
-    char client_info[48], server_info[48];
+    char client_info[64], server_info[64];
   } ssh_ssl;
 
   void *src_id, *dst_id;
diff --git a/lib b/lib
deleted file mode 120000
index d049b7c46..000000000
--- a/lib
+++ /dev/null
@@ -1 +0,0 @@
-src/lib/.libs
\ No newline at end of file
diff --git a/libndpi.pc.in b/libndpi.pc.in
index 291429cc7..5e1cde70b 100644
--- a/libndpi.pc.in
+++ b/libndpi.pc.in
@@ -7,4 +7,4 @@ Name: libndpi
 Description: deep packet inspection library
 Version: @VERSION@
 Libs: -L${libdir} -lndpi
-Cflags: -I${includedir}/libndpi-@VERSION@
+Cflags: -I${includedir}/ndpi
diff --git a/libndpi.sym b/libndpi.sym
deleted file mode 100644
index 66cffbb18..000000000
--- a/libndpi.sym
+++ /dev/null
@@ -1,75 +0,0 @@
-ndpi_dump_protocols
-ndpi_strnstr
-ndpi_detection_giveup
-ndpi_get_proto_name
-ndpi_free
-ndpi_flow_free
-ndpi_guess_undetected_protocol
-ndpi_tfind
-ndpi_tsearch
-ndpi_set_protocol_detection_bitmask2
-ndpi_detection_get_sizeof_ndpi_id_struct
-ndpi_detection_get_sizeof_ndpi_flow_struct
-ndpi_load_protocols_file
-ndpi_tdestroy
-ndpi_exit_detection_module
-ndpi_l4_detection_process_packet
-ndpi_detection_process_packet
-ndpi_process_extra_packet
-ndpi_twalk
-ndpi_tdelete
-ndpi_revision
-ndpi_init_detection_module
-ndpi_get_num_supported_protocols
-ndpi_set_proto_defaults
-ndpi_get_protocol_id
-ndpi_get_category_id
-ndpi_find_port_based_protocol
-ndpi_get_http_method
-ndpi_get_http_url
-ndpi_get_http_content_type
-ndpi_free_flow
-ndpi_get_proto_breed
-ndpi_get_proto_breed_name
-ndpi_get_proto_by_id
-ndpi_get_proto_by_name
-ndpi_get_protocol_id_master_proto
-ndpi_guess_protocol_id
-ndpi_protocol2name
-ndpi_get_lower_proto
-ndpi_is_proto
-ndpi_malloc
-ndpi_calloc
-ndpi_set_detected_protocol
-ndpi_match_string_subprotocol
-ndpi_init_automa
-ndpi_free_automa
-ndpi_add_string_value_to_automa
-ndpi_add_string_to_automa
-ndpi_finalize_automa
-ndpi_match_string
-ndpi_match_string_id
-set_ndpi_malloc
-set_ndpi_flow_malloc
-set_ndpi_free
-set_ndpi_flow_free
-set_ndpi_debug_function
-ndpi_category_str
-ndpi_get_proto_category
-ndpi_netbios_name_interpret
-ndpi_category_set_name
-ndpi_category_get_name
-ndpi_is_custom_category
-ndpi_is_subprotocol_informative
-ndpi_set_proto_category
-ndpi_get_api_version
-ndpi_network_ptree_match
-ndpi_check_flow_func
-ndpi_fill_protocol_category
-ndpi_load_hostname_category
-ndpi_enable_loaded_categories
-ndpi_set_detection_preferences
-ndpi_get_proto_defaults
-ndpi_get_ndpi_num_supported_protocols
-ndpi_get_ndpi_num_custom_protocols
-ndpi_get_ndpi_detection_module_size
diff --git a/packages/debian b/packages/debian
new file mode 120000
index 000000000..7d13753d7
--- /dev/null
+++ b/packages/debian
@@ -0,0 +1 @@
+ubuntu
\ No newline at end of file
diff --git a/packages/etc/ld.so.conf.d/ndpi.conf b/packages/etc/ld.so.conf.d/ndpi.conf
new file mode 100644
index 000000000..e8e4bdcd4
--- /dev/null
+++ b/packages/etc/ld.so.conf.d/ndpi.conf
@@ -0,0 +1 @@
+/usr/local/lib
diff --git a/packages/openwrt/Makefile b/packages/openwrt/Makefile
new file mode 100644
index 000000000..4b8429b59
--- /dev/null
+++ b/packages/openwrt/Makefile
@@ -0,0 +1,59 @@
+#
+# Copyright (C) 2018 - ntop.org
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libndpi
+PKG_VERSION:=1333.ab2f3ce
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/ntop/nDPI.git
+PKG_SOURCE_VERSION:=ab2f3cefc89017d73e67faa4eb4011e7e3f2044d
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_PROTO:=git
+
+PKG_MAINTAINER:=Emanuele Faranda <faranda@ntop.org>
+PKG_LICENSE:=GPL3
+PKG_BUILD_DEPENDS:=+libpcap
+PKG_BUILD_PARALLEL:=1
+
+# autogen fix
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libndpi
+  SECTION:=network
+  CATEGORY:=Network
+  #DEPENDS:=+libc +libjson-c +libpthread 
+  TITLE:=nDPI Deep Packet Inspection Library
+  URL:=https://www.ntop.org
+endef
+
+define Package/libndpi/description
+ Open and Extensible GPLv3 Deep Packet Inspection Library
+endef
+
+CONFIGURE_ARGS += \
+        --with-pic \
+	--disable-json-c \
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+endef
+
+define Build/Configure
+	( cd $(PKG_BUILD_DIR); ./autogen.sh )
+	$(call Build/Configure/Default)
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(STAGING_DIR)/usr/local/include/libndpi
+	$(CP) $(PKG_BUILD_DIR)/src/include/* $(STAGING_DIR)/usr/local/include/libndpi
+	$(INSTALL_DIR) $(STAGING_DIR)/usr/local/lib
+	$(CP) $(PKG_BUILD_DIR)/src/lib/libndpi.* $(STAGING_DIR)/usr/local/lib
+endef
+
+$(eval $(call BuildPackage,libndpi))
diff --git a/packages/rpm/Makefile.in b/packages/rpm/Makefile.in
new file mode 100644
index 000000000..9546e4473
--- /dev/null
+++ b/packages/rpm/Makefile.in
@@ -0,0 +1,38 @@
+# 
+# RPM Build Process
+#
+APPL=ndpi
+PLATFORM=@PLATFORM@
+GIT_REVISION=@GIT_REVISION@
+PACKAGE_VERSION=@PACKAGE_VERSION@
+PACKAGE=$(APPL)-$(PACKAGE_VERSION)-$(GIT_REVISION).$(PLATFORM).rpm
+DEV_PACKAGE=$(APPL)-dev-$(PACKAGE_VERSION)-$(GIT_REVISION).$(PLATFORM).rpm
+PACKAGE_PATH=$(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE)
+
+package: build-rpm
+
+build-src:
+	cd ../..; ./autogen.sh; ./configure; make clean; make
+
+cleanup-rpm:
+	rm -rf $(HOME)/rpmbuild/BUILD/ndpi* $(HOME)/rpmbuild/SOURCES/ndpi*
+
+build-rpm: build-src cleanup-rpm
+	-rm -rf ndpi-@PACKAGE_VERSION@
+	mkdir -p ndpi-@PACKAGE_VERSION@/packages
+	cp ndpi.spec.in ndpi-@PACKAGE_VERSION@/packages
+	cp ../../Makefile.* ../../libtool ../../configure* ../../config.* ../../install-sh ../../autogen.sh ndpi-@PACKAGE_VERSION@
+	cp -rf ../../src ndpi-@PACKAGE_VERSION@ 
+	cp ../../CHANGELOG.md ../../COPYING ndpi-@PACKAGE_VERSION@ 
+	\rm -f ndpi-@PACKAGE_VERSION@/config.status
+	mkdir -p $(HOME)/rpmbuild/SOURCES
+	tar cvfz $(HOME)/rpmbuild/SOURCES/ndpi-@PACKAGE_VERSION@.tgz ndpi-@PACKAGE_VERSION@
+	@rm -f $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE)
+	@rpmbuild -bb ./$(APPL).spec --define "buildnumber $(GIT_REVISION)"
+	@if [[ $EUID -ne 0 ]]; then ./rpm-sign.exp $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE); fi
+	@if [[ $EUID -ne 0 ]]; then ./rpm-sign.exp $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(DEV_PACKAGE); fi
+	@echo ""
+	@echo "Package contents:"
+	@rpm -qpl $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE)
+	@echo "The package is now available in $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE)"
+
diff --git a/packages/rpm/configure b/packages/rpm/configure
new file mode 100755
index 000000000..f1d1084c3
--- /dev/null
+++ b/packages/rpm/configure
@@ -0,0 +1,2869 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.69 for Makefile.in 1.0.
+#
+#
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# Use a proper internal environment variable to ensure we don't fall
+  # into an infinite loop, continuously re-executing ourselves.
+  if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+    _as_can_reexec=no; export _as_can_reexec;
+    # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+  fi
+  # We don't want this to propagate to other subprocesses.
+          { _as_can_reexec=; unset _as_can_reexec;}
+if test "x$CONFIG_SHELL" = x; then
+  as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+"
+  as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+  exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
+  as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+  as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+  eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+  test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1"
+  if (eval "$as_required") 2>/dev/null; then :
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+  if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  as_found=:
+  case $as_dir in #(
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     # Try only shells that exist, to save several forks.
+	     as_shell=$as_dir/$as_base
+	     if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		    { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  CONFIG_SHELL=$as_shell as_have_required=yes
+		   if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  break 2
+fi
+fi
+	   done;;
+       esac
+  as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+	      { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+  CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+      if test "x$CONFIG_SHELL" != x; then :
+  export CONFIG_SHELL
+             # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+    if test x$as_have_required = xno; then :
+  $as_echo "$0: This script requires a shell more modern than all"
+  $as_echo "$0: the shells that I found on your system."
+  if test x${ZSH_VERSION+set} = xset ; then
+    $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+    $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+  else
+    $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+  fi
+  exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+  as_lineno_1=$LINENO as_lineno_1a=$LINENO
+  as_lineno_2=$LINENO as_lineno_2a=$LINENO
+  eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+  test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+  # Blame Lee E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+  # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+  # already done that, so ensure we don't try to do so again and fall
+  # in an infinite loop.  This has already happened in practice.
+  _as_can_reexec=no; export _as_can_reexec
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='Makefile.in'
+PACKAGE_TARNAME='makefile-in'
+PACKAGE_VERSION='1.0'
+PACKAGE_STRING='Makefile.in 1.0'
+PACKAGE_BUGREPORT=''
+PACKAGE_URL=''
+
+ac_subst_vars='LTLIBOBJS
+LIBOBJS
+MAJOR_RELEASE
+GIT_REVISION
+KERNEL
+DATE
+EXTN
+MACHINE
+PLATFORM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *=)   ac_optarg= ;;
+  *)    ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    case $ac_envvar in #(
+      '' | [0-9]* | *[!_$as_cr_alnum]* )
+      as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+    esac
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures Makefile.in 1.0 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking ...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/makefile-in]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of Makefile.in 1.0:";;
+   esac
+  cat <<\_ACEOF
+
+Report bugs to the package provider.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+Makefile.in configure 1.0
+generated by GNU Autoconf 2.69
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by Makefile.in $as_me 1.0, which was
+generated by GNU Autoconf 2.69.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    $as_echo "PATH: $as_dir"
+  done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+    2)
+      as_fn_append ac_configure_args1 " '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      as_fn_append ac_configure_args " '$ac_arg'"
+      ;;
+    esac
+  done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  # We do not want a PATH search for config.site.
+  case $CONFIG_SITE in #((
+    -*)  ac_site_file1=./$CONFIG_SITE;;
+    */*) ac_site_file1=$CONFIG_SITE;;
+    *)   ac_site_file1=./$CONFIG_SITE;;
+  esac
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file" \
+      || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special files
+  # actually), so we avoid doing that.  DJGPP emulates it as a regular file.
+  if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+DATE=`date -R`
+KERNEL=`uname -r`
+PLATFORM=`uname -p`
+MACHINE=`uname -m`
+SHORT_MACHINE=`uname -m | cut -b1-3`
+
+EXTN=""
+if test $MACHINE = "x86_64"; then
+  EXTN="amd64"
+else
+  if test $SHORT_MACHINE = "aar"; then
+    EXTN="arm64"
+  else
+    if test $SHORT_MACHINE = "arm"; then
+      EXTN="armhf"
+    else
+      if test $SHORT_MACHINE = "mip"; then
+        EXTN="mips"
+      else
+        EXTN="i386"
+      fi
+    fi
+  fi
+fi
+
+PACKAGE_VERSION=`../version.sh --release`
+MAJOR_RELEASE=`../version.sh --major-release`
+GIT_REVISION=`../version.sh --revision`
+
+ac_config_files="$ac_config_files Makefile ndpi.spec"
+
+
+
+
+
+
+
+
+
+
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes: double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \.
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    if test "x$cache_file" != "x/dev/null"; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+      if test ! -f "$cache_file" || test -h "$cache_file"; then
+	cat confcache >"$cache_file"
+      else
+        case $cache_file in #(
+        */* | ?:*)
+	  mv -f confcache "$cache_file"$$ &&
+	  mv -f "$cache_file"$$ "$cache_file" ;; #(
+        *)
+	  mv -f confcache "$cache_file" ;;
+	esac
+      fi
+    fi
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Transform confdefs.h into DEFS.
+# Protect against shell expansion while executing Makefile rules.
+# Protect against Makefile macro expansion.
+#
+# If the first sed substitution is executed (which looks for macros that
+# take arguments), then branch to the quote section.  Otherwise,
+# look for a macro that doesn't take arguments.
+ac_script='
+:mline
+/\\$/{
+ N
+ s,\\\n,,
+ b mline
+}
+t clear
+:clear
+s/^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 (][^	 (]*([^)]*)\)[	 ]*\(.*\)/-D\1=\2/g
+t quote
+s/^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 ][^	 ]*\)[	 ]*\(.*\)/-D\1=\2/g
+t quote
+b any
+:quote
+s/[	 `~#$^&*(){}\\|;'\''"<>?]/\\&/g
+s/\[/\\&/g
+s/\]/\\&/g
+s/\$/$$/g
+H
+:any
+${
+	g
+	s/^\n//
+	s/\n/ /g
+	p
+}
+'
+DEFS=`sed -n "$ac_script" confdefs.h`
+
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by Makefile.in $as_me 1.0, which was
+generated by GNU Autoconf 2.69.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration.  Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+      --config     print configuration, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+
+Configuration files:
+$config_files
+
+Report bugs to the package provider."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+Makefile.in config.status 1.0
+configured by $0, generated by GNU Autoconf 2.69,
+  with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=?*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  --*=)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --config | --confi | --conf | --con | --co | --c )
+    $as_echo "$ac_cs_config"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    '') as_fn_error $? "missing file argument" ;;
+    esac
+    as_fn_append CONFIG_FILES " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h |  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+  *) as_fn_append ac_config_targets " $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "ndpi.spec") CONFIG_FILES="$CONFIG_FILES ndpi.spec" ;;
+
+  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp= ac_tmp=
+  trap 'exit_status=$?
+  : "${ac_tmp:=$tmp}"
+  { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+  trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+  eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+  || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=[	 ]*/{
+h
+s///
+s/^/:/
+s/[	 ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[	 ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+
+eval set X "  :F $CONFIG_FILES      "
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$ac_tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      as_fn_append ac_file_inputs " '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$ac_tmp/stdin" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  as_dir="$ac_dir"; as_fn_mkdir_p
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+  s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+  >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' \
+      "$ac_tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&2;}
+
+  rm -f "$ac_tmp/stdin"
+  case $ac_file in
+  -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+  *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+  esac \
+  || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+
+
+
+  esac
+
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
diff --git a/packages/rpm/configure.in b/packages/rpm/configure.in
new file mode 100644
index 000000000..1eaa0ea34
--- /dev/null
+++ b/packages/rpm/configure.in
@@ -0,0 +1,44 @@
+AC_INIT([Makefile.in], 1.0)
+
+DATE=`date -R`
+KERNEL=`uname -r`
+PLATFORM=`uname -p`
+MACHINE=`uname -m`
+SHORT_MACHINE=`uname -m | cut -b1-3`
+
+EXTN=""
+if test $MACHINE = "x86_64"; then
+  EXTN="amd64"
+else
+  if test $SHORT_MACHINE = "aar"; then
+    EXTN="arm64"
+  else
+    if test $SHORT_MACHINE = "arm"; then
+      EXTN="armhf"
+    else
+      if test $SHORT_MACHINE = "mip"; then
+        EXTN="mips"
+      else	
+        EXTN="i386"
+      fi
+    fi
+  fi
+fi
+
+PACKAGE_VERSION=`../version.sh --release`
+MAJOR_RELEASE=`../version.sh --major-release`
+GIT_REVISION=`../version.sh --revision`
+
+AC_CONFIG_FILES([Makefile ndpi.spec])
+
+AC_SUBST(PACKAGE_VERSION)
+AC_SUBST(PLATFORM)
+AC_SUBST(MACHINE)
+AC_SUBST(EXTN)
+AC_SUBST(DATE)
+AC_SUBST(KERNEL)
+AC_SUBST(GIT_REVISION)
+AC_SUBST(MAJOR_RELEASE)
+
+AC_OUTPUT
+
diff --git a/packages/rpm/ndpi.spec.in b/packages/rpm/ndpi.spec.in
new file mode 100644
index 000000000..7b9b44365
--- /dev/null
+++ b/packages/rpm/ndpi.spec.in
@@ -0,0 +1,90 @@
+Summary: L7 DPI library
+Name: ndpi
+Version: @PACKAGE_VERSION@
+Release: %{buildnumber}
+License: LGPL
+Group: Networking/Utilities
+Conflicts: nprobe-dev 
+URL: http://www.ntop.org/products/deep-packet-inspection/ndpi/
+Source: ndpi-%{version}.tgz
+Packager: Luca Deri <deri@ntop.org>
+BuildRoot:  %{_tmppath}/%{name}-%{version}-root
+%{?el7:Requires: glibc >= 2.3.4 numactl coreutils }
+%{?el6:Requires: glibc >= 2.3.4 numactl coreutils }
+AutoReqProv: no
+
+%description
+nDPI Open and Extensible LGPLv3 Deep Packet Inspection Library.
+
+%package dev
+Summary: Header files and development libraries for %{name}
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description dev
+This package contains the header files and development libraries
+for %{name}. If you like to develop programs using %{name},
+you will need to install %{name}-dev.
+
+%prep
+
+%setup -q
+
+# Execution order:
+# install:    pre -> (copy) -> post
+# upgrade:    pre -> (copy) -> post -> preun (old) -> (delete old) -> postun (old)
+# un-install:                          preun       -> (delete)     -> postun
+
+%pre
+
+%post
+
+%build
+PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+%define includedir    /usr/local/include/ndpi
+%define libdir        /usr/local/lib
+%define bindir        /usr/local/bin
+
+%install
+PATH=/usr/bin:/bin:/usr/sbin:/sbin
+if [ -d $RPM_BUILD_ROOT ]; then
+	\rm -rf $RPM_BUILD_ROOT
+fi
+mkdir -p $RPM_BUILD_ROOT%{includedir}
+mkdir -p $RPM_BUILD_ROOT%{libdir}
+mkdir -p $RPM_BUILD_ROOT%{bindir}
+cd $HOME/nDPI; make DESTDIR=$RPM_BUILD_ROOT install;
+rm $RPM_BUILD_ROOT%{libdir}/libndpi.so
+rm $RPM_BUILD_ROOT%{libdir}/libndpi.so.?
+cd $RPM_BUILD_ROOT%{libdir}/; ln -s libndpi.so.@PACKAGE_VERSION@ libndpi.so.@MAJOR_RELEASE@; cd -
+cd $RPM_BUILD_ROOT%{libdir}/; ln -s libndpi.so.@PACKAGE_VERSION@ libndpi.so; cd -
+mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
+cp $HOME/nDPI/packages/etc/ld.so.conf.d/ndpi.conf $RPM_BUILD_ROOT/etc/ld.so.conf.d
+strip $RPM_BUILD_ROOT%{bindir}/*
+rm -fr %{buildroot}%{includedir}/ndpi_win32.h
+
+%clean
+rm -fr $RPM_BUILD_ROOT
+
+%files
+%defattr(-, root, root)
+
+/usr/local/lib/libndpi.so
+/usr/local/lib/libndpi.so.@MAJOR_RELEASE@
+/usr/local/lib/libndpi.so.@PACKAGE_VERSION@
+/usr/local/bin/ndpiReader
+/etc/ld.so.conf.d/ndpi.conf
+/usr/local/libdata/pkgconfig/libndpi.pc
+
+%preun
+
+%files dev
+%defattr(-,root,root,-)
+
+%{includedir}
+%{libdir}/libndpi.a
+
+%changelog
+* Mon Nov 19 2018 Alfredo Cardigliano <cardigliano@ntop.org> 2.5
+- Initial package version
diff --git a/packages/rpm/rpm-sign.exp b/packages/rpm/rpm-sign.exp
new file mode 100755
index 000000000..04e424014
--- /dev/null
+++ b/packages/rpm/rpm-sign.exp
@@ -0,0 +1,10 @@
+#!/usr/bin/expect -f
+  
+### rpm-sign.exp -- Sign RPMs by sending the passphrase.
+   
+spawn rpm --addsign {*}$argv
+  expect -exact "Enter pass phrase: "
+  send -- "\r"
+  expect eof
+  
+## end of rpm-sign.exp
\ No newline at end of file
diff --git a/packages/ubuntu/Makefile b/packages/ubuntu/Makefile
deleted file mode 100644
index 5f1684155..000000000
--- a/packages/ubuntu/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
-#
-# Change it according to your setup
-#
-NDPI_HOME=$(PWD)/../..
-NDPI_BUILD=${NDPI_HOME}/packages/ubuntu
-
-all: clean ndpi
-
-ndpi:
-	\rm -rf ./usr ./debian/tmp ./debian/ndpi-dev
-	mkdir -p ./usr/local ./debian/ndpi-dev
-	mkdir -p  ./usr/local/ndpi/lib ./usr/local/ndpi/bin ./ndpi-dev/usr/local/include/ndpi/
-	cd ${NDPI_HOME}; ./autogen.sh; ./configure; make
-	cp  $(NDPI_HOME)/lib/libndpi.a $(NDPI_HOME)/lib/libndpi.so*  ./usr/local/ndpi/lib/
-	cp  $(NDPI_HOME)/example/ndpiReader   ./usr/local/ndpi/bin/
-	cp  $(NDPI_HOME)/src/include/*.h  ndpi-dev/usr/local/include/ndpi/
-	-rm -fr ndpi-dev/usr/local/include/nprobe/ndpi/.svn ndpi-dev/usr/local/include/ndpi/Makefile* ndpi-dev/usr/local/include/ndpi/ndpi_win32.h* ndpi-dev/usr/local/include/ndpi/include
-	-find ./usr/local/lib -name "*.la" -exec /bin/rm {} ';'
-	@echo
-	@find . -name "*~" -exec /bin/rm {} ';'
-	dpkg-buildpackage -rfakeroot -d -us -uc
-	dpkg-sig --sign builder -k 7921DF34 ../ndpi*deb
-	@\rm -f ../ndpi*dsc ../ndpi*.gz ../ndpi*changes
-	@/bin/mv ../ndpi*deb .
-	@echo
-	@echo "Package built."
-	@/bin/ls ndpi*deb
-	@echo "-------------------------------"
-	-dpkg --contents ndpi*amd64.deb
-	@echo "-------------------------------"
-	@echo "-------------------------------"
-	-dpkg --contents ndpi*all.deb
-	@echo "-------------------------------"
-
-distclean:
-	echo "dummy distclean"
-
-install:
-	echo "dummy install"
-
-clean:
-	-rm -rf *~ *deb debian/tmp ./usr
diff --git a/packages/ubuntu/Makefile.in b/packages/ubuntu/Makefile.in
index 5f1684155..a728cd13b 100644
--- a/packages/ubuntu/Makefile.in
+++ b/packages/ubuntu/Makefile.in
@@ -7,29 +7,33 @@ NDPI_BUILD=${NDPI_HOME}/packages/ubuntu
 all: clean ndpi
 
 ndpi:
-	\rm -rf ./usr ./debian/tmp ./debian/ndpi-dev
-	mkdir -p ./usr/local ./debian/ndpi-dev
-	mkdir -p  ./usr/local/ndpi/lib ./usr/local/ndpi/bin ./ndpi-dev/usr/local/include/ndpi/
+	\rm -rf ./debian/ndpi-tmp ./debian/ndpi-dev-tmp ./debian/ndpi ./debian/ndpi-dev
+	mkdir -p ./debian/ndpi-tmp ./debian/ndpi-dev-tmp
+	mkdir -p  ./debian/ndpi-tmp/usr/local/lib ./debian/ndpi-tmp/usr/local/bin 
+	mkdir -p ./debian/ndpi-dev-tmp/usr/local/lib ./debian/ndpi-dev-tmp/usr/local/include/ndpi
 	cd ${NDPI_HOME}; ./autogen.sh; ./configure; make
-	cp  $(NDPI_HOME)/lib/libndpi.a $(NDPI_HOME)/lib/libndpi.so*  ./usr/local/ndpi/lib/
-	cp  $(NDPI_HOME)/example/ndpiReader   ./usr/local/ndpi/bin/
-	cp  $(NDPI_HOME)/src/include/*.h  ndpi-dev/usr/local/include/ndpi/
-	-rm -fr ndpi-dev/usr/local/include/nprobe/ndpi/.svn ndpi-dev/usr/local/include/ndpi/Makefile* ndpi-dev/usr/local/include/ndpi/ndpi_win32.h* ndpi-dev/usr/local/include/ndpi/include
-	-find ./usr/local/lib -name "*.la" -exec /bin/rm {} ';'
+	cp $(NDPI_HOME)/src/lib/libndpi.so.@NDPI_VERS@ ./debian/ndpi-tmp/usr/local/lib/
+	cd ./debian/ndpi-tmp/usr/local/lib/; ln -s libndpi.so.@NDPI_VERS@ libndpi.so; cd -
+	cd ./debian/ndpi-tmp/usr/local/lib/; ln -s libndpi.so.@NDPI_VERS@ libndpi.so.@MAJOR_RELEASE@; cd -
+	cp $(NDPI_HOME)/src/lib/libndpi.a ./debian/ndpi-dev-tmp/usr/local/lib/
+	cp $(NDPI_HOME)/example/ndpiReader ./debian/ndpi-tmp/usr/local/bin/
+	cp $(NDPI_HOME)/src/include/*.h ./debian/ndpi-dev-tmp/usr/local/include/ndpi/
+	-rm -fr ./debian/ndpi-dev-tmp/usr/local/include/ndpi/ndpi_win32.h*
 	@echo
-	@find . -name "*~" -exec /bin/rm {} ';'
+	@find ./debian/ndpi-tmp -name "*~" -exec /bin/rm {} ';'
+	@find ./debian/ndpi-dev-tmp -name "*~" -exec /bin/rm {} ';'
 	dpkg-buildpackage -rfakeroot -d -us -uc
-	dpkg-sig --sign builder -k 7921DF34 ../ndpi*deb
+	dpkg-sig --sign builder -k D1EB60BE ../ndpi*deb
 	@\rm -f ../ndpi*dsc ../ndpi*.gz ../ndpi*changes
 	@/bin/mv ../ndpi*deb .
 	@echo
 	@echo "Package built."
 	@/bin/ls ndpi*deb
 	@echo "-------------------------------"
-	-dpkg --contents ndpi*amd64.deb
+	-dpkg --contents ndpi_*.deb
 	@echo "-------------------------------"
 	@echo "-------------------------------"
-	-dpkg --contents ndpi*all.deb
+	-dpkg --contents ndpi-dev_*.deb
 	@echo "-------------------------------"
 
 distclean:
@@ -39,4 +43,4 @@ install:
 	echo "dummy install"
 
 clean:
-	-rm -rf *~ *deb debian/tmp ./usr
+	-rm -rf *~ *deb ./usr ./debian/ndpi ./debian/ndpi-dev ./debian/ndpi-tmp ./debian/ndpi-dev-tmp
diff --git a/packages/ubuntu/configure b/packages/ubuntu/configure
index 857a095ca..c67f37e88 100755
--- a/packages/ubuntu/configure
+++ b/packages/ubuntu/configure
@@ -583,13 +583,12 @@ PACKAGE_URL=''
 
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
-PFRING_SVN_RELEASE
-SVN_RELEASE
+MAJOR_RELEASE
+GIT_REVISION
 KERNEL
 DATE
 EXTN
 MACHINE
-PFRING_VERS
 NDPI_VERS
 target_alias
 host_alias
@@ -610,6 +609,7 @@ infodir
 docdir
 oldincludedir
 includedir
+runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -674,6 +674,7 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -926,6 +927,15 @@ do
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1063,7 +1073,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir
+		libdir localedir mandir runstatedir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1216,6 +1226,7 @@ Fine tuning of the installation directories:
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
@@ -1670,37 +1681,43 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
 
-NDPI_VERS=`cat ../../config.h | grep -w VERSION | cut -d \" -f 2`
-PFRING_VERS=`cat $HOME/PF_RING/kernel/linux/pf_ring.h | grep RING_VERSION | head -1 | cut -d '"' -f 2`
-SVN_RELEASE=`svn info ../.. | grep "^Revision"|cut -d " " -f 2`
-PFRING_SVN_RELEASE=`svn info $HOME/PF_RING | grep "^Revision"|cut -d " " -f 2`
+DATE=`date -R`
+KERNEL=`uname -r`
 MACHINE=`uname -m`
+SHORT_MACHINE=`uname -m | cut -b1-3`
 
+EXTN=""
 if test $MACHINE = "x86_64"; then
-   EXTN="amd64"
+  EXTN="amd64"
 else
-   EXTN="i386"
+  if test $SHORT_MACHINE = "aar"; then
+    EXTN="arm64"
+  else
+    if test $SHORT_MACHINE = "arm"; then
+      EXTN="armhf"
+    else
+      if test $SHORT_MACHINE = "mip"; then
+        EXTN="mips"
+      else
+        EXTN="i386"
+      fi
+    fi
+  fi
 fi
 
-DATE=`date -R`
-KERNEL=`uname -r`
-
-
-
-
+NDPI_VERS=`../version.sh --release`
+MAJOR_RELEASE=`../version.sh --major-release`
+GIT_REVISION=`../version.sh --revision`
 
+ac_config_files="$ac_config_files Makefile debian/changelog debian/files debian/control"
 
 
 
 
 
-ac_config_files="$ac_config_files Makefile"
 
-ac_config_files="$ac_config_files debian/changelog"
 
-ac_config_files="$ac_config_files debian/files"
 
-ac_config_files="$ac_config_files debian/control"
 
 
 cat >confcache <<\_ACEOF
diff --git a/packages/ubuntu/configure.in b/packages/ubuntu/configure.in
index bf0608cf5..a6f490308 100644
--- a/packages/ubuntu/configure.in
+++ b/packages/ubuntu/configure.in
@@ -1,32 +1,41 @@
 AC_INIT([Makefile.in], 1.0)
 
-NDPI_VERS=`cat ../../config.h | grep -w VERSION | cut -d \" -f 2`
-PFRING_VERS=`cat $HOME/PF_RING/kernel/linux/pf_ring.h | grep RING_VERSION | head -1 | cut -d '"' -f 2`
-SVN_RELEASE=`svn info ../.. | grep "^Revision"|cut -d " " -f 2`
-PFRING_SVN_RELEASE=`svn info $HOME/PF_RING | grep "^Revision"|cut -d " " -f 2`
+DATE=`date -R`
+KERNEL=`uname -r`
 MACHINE=`uname -m`
+SHORT_MACHINE=`uname -m | cut -b1-3`
 
+EXTN=""
 if test $MACHINE = "x86_64"; then
-   EXTN="amd64"
+  EXTN="amd64"
 else
-   EXTN="i386"
+  if test $SHORT_MACHINE = "aar"; then
+    EXTN="arm64"
+  else
+    if test $SHORT_MACHINE = "arm"; then
+      EXTN="armhf"
+    else
+      if test $SHORT_MACHINE = "mip"; then
+        EXTN="mips"
+      else	
+        EXTN="i386"
+      fi
+    fi
+  fi
 fi
 
-DATE=`date -R`
-KERNEL=`uname -r`
+NDPI_VERS=`../version.sh --release`
+MAJOR_RELEASE=`../version.sh --major-release`
+GIT_REVISION=`../version.sh --revision`
+
+AC_CONFIG_FILES([Makefile debian/changelog debian/files debian/control])
 
 AC_SUBST(NDPI_VERS)
-AC_SUBST(PFRING_VERS)
 AC_SUBST(MACHINE)
 AC_SUBST(EXTN)
 AC_SUBST(DATE)
 AC_SUBST(KERNEL)
-AC_SUBST(SVN_RELEASE)
-AC_SUBST(PFRING_SVN_RELEASE)
-
-AC_CONFIG_FILES(Makefile)
-AC_CONFIG_FILES(debian/changelog)
-AC_CONFIG_FILES(debian/files)
-AC_CONFIG_FILES(debian/control)
+AC_SUBST(GIT_REVISION)
+AC_SUBST(MAJOR_RELEASE)
 
 AC_OUTPUT
diff --git a/packages/ubuntu/debian/README b/packages/ubuntu/debian/README
index 6563a5d36..ccecea75a 100644
--- a/packages/ubuntu/debian/README
+++ b/packages/ubuntu/debian/README
@@ -1,2 +1,2 @@
 This directory contains the files needed to build the package
-named 'nprobe' for the Debian GNU/Linux distribution.
+named 'ndpi' for the Debian GNU/Linux distribution.
diff --git a/packages/ubuntu/debian/changelog.in b/packages/ubuntu/debian/changelog.in
index 15d86b02d..bf80f34a9 100644
--- a/packages/ubuntu/debian/changelog.in
+++ b/packages/ubuntu/debian/changelog.in
@@ -1,4 +1,4 @@
-ndpi (@NDPI_VERS@-@SVN_RELEASE@) stable; urgency=high
+ndpi (@NDPI_VERS@-@GIT_REVISION@) stable; urgency=high
    * Last packaged version
 
  -- Luca Deri <deri@ntop.org>  @DATE@
diff --git a/packages/ubuntu/debian/compat b/packages/ubuntu/debian/compat
index d00491fd7..ec635144f 100644
--- a/packages/ubuntu/debian/compat
+++ b/packages/ubuntu/debian/compat
@@ -1 +1 @@
-1
+9
diff --git a/packages/ubuntu/debian/control.in b/packages/ubuntu/debian/control.in
index 56191e2eb..cf9a26488 100644
--- a/packages/ubuntu/debian/control.in
+++ b/packages/ubuntu/debian/control.in
@@ -2,27 +2,25 @@ Source: ndpi
 Section: free
 Priority: optional
 Maintainer: Luca Deri <deri@ntop.org>
-Standards-Version: @NDPI_VERSION@
+Standards-Version: @NDPI_VERS@
 Build-Depends:
 Build-Conflicts:
 
 Package: ndpi
 Architecture: @EXTN@
-Depends: pfring (=@PFRING_VERS@-@PFRING_SVN_RELEASE@), libnuma
+Depends: libnuma1
 Recommends:
 Suggests:
 Pre-Depends:
 Conflicts:
 Provides:
 Replaces:
-Description: A network probe.
+Description: A L7 DPI library.
 
 Package: ndpi-dev
 Section: libdevel
-Architecture: all
+Architecture: @EXTN@
 Depends: ndpi (= ${binary:Version}), ${misc:Depends}
 Conflicts: 
-Description: development library and header files for ndpi
- Headers, static libraries, and documentation for the ndpi library
-
+Description: Development library and header files for ndpi
 
diff --git a/packages/ubuntu/debian/dirs b/packages/ubuntu/debian/dirs
index c648ad7d0..e69de29bb 100644
--- a/packages/ubuntu/debian/dirs
+++ b/packages/ubuntu/debian/dirs
@@ -1 +0,0 @@
-usr/local/ndpi
diff --git a/packages/ubuntu/debian/postinst b/packages/ubuntu/debian/postinst
index 65bf04230..202f79aa8 100755
--- a/packages/ubuntu/debian/postinst
+++ b/packages/ubuntu/debian/postinst
@@ -17,18 +17,7 @@ esac
 
 umask 022
 
-# Update shared libs
-echo "/usr/local/lib\n" > /etc/ld.so.conf.d/nprobe.conf
 echo "Rebuilding ld cache..."
 /sbin/ldconfig
 
-echo "Adding the nprobe startup script"
-update-rc.d nprobe defaults 93 >/dev/null
-
-echo "Making the /etc/nprobe directory..."
-mkdir -p /etc/nprobe/
-
-echo "Making the /var/log/nprobe directory..."
-mkdir -p /var/log/nprobe
-
 exit 0
diff --git a/packages/ubuntu/debian/postrm b/packages/ubuntu/debian/postrm
index 8ea16af2d..3347514a1 100644
--- a/packages/ubuntu/debian/postrm
+++ b/packages/ubuntu/debian/postrm
@@ -2,12 +2,6 @@
 
 set -e
 
-#\/bin/rm /etc/ld.so.conf.d/nprobe.conf
 /sbin/ldconfig
 
-# Not needed: upstart does it
-if [ "$1" = "purge" ] ; then
-  update-rc.d nprobe remove >/dev/null
-fi
-
 exit 0
diff --git a/packages/ubuntu/debian/preinst b/packages/ubuntu/debian/preinst
index cf9323e94..89699e385 100644
--- a/packages/ubuntu/debian/preinst
+++ b/packages/ubuntu/debian/preinst
@@ -1,5 +1,5 @@
 #! /bin/sh
-# preinst script for nbox
+# preinst script
 #
 # see: dh_installdeb(1)
 
@@ -13,9 +13,6 @@ set -e
 
 case "$1" in
     install|upgrade)
-    if test -f /usr/local/sbin/nprobe; then
-	rm  /usr/local/sbin/nprobe
-    fi
     ;;
 
     abort-upgrade)
@@ -30,6 +27,4 @@ esac
 # dh_installdeb will replace this with shell code automatically
 # generated by other debhelper scripts.
 
-
-
 exit 0
diff --git a/packages/ubuntu/debian/prerm b/packages/ubuntu/debian/prerm
index 58af3b74c..8f91692e0 100755
--- a/packages/ubuntu/debian/prerm
+++ b/packages/ubuntu/debian/prerm
@@ -1,14 +1,10 @@
 #!/bin/sh -e
 
-# Only shut the daemon down if we're really removing the package.  If this is
-# an upgrade, we will instead do a restart in the postinst... this keeps nprobe
-# from being left shut down for a long time, which could pose problems.
 case "$1" in
 upgrade)
 	;;
 *)
-	/etc/init.d/nprobe stop
 	;;
 esac
 
-exit 0
\ No newline at end of file
+exit 0
diff --git a/packages/ubuntu/debian/rules b/packages/ubuntu/debian/rules
index a5fbcda09..a72ae122f 100755
--- a/packages/ubuntu/debian/rules
+++ b/packages/ubuntu/debian/rules
@@ -1,16 +1,7 @@
 #!/usr/bin/make -f
 
 # Uncomment this to turn on verbose mode.
-# export DH_VERBOSE=1
-
-#
-# debian/compat
-# We should use at least compatibility version 5
-# but this requires the whole building process
-# to be remade and this is something we leave
-# to when we will have more time
-# http://www.tin.org/bin/man.cgi?section=7&topic=debhelper
-#
+export DH_VERBOSE=1
 
 package=ndpi
 
@@ -37,20 +28,20 @@ binary-indep: build install
 binary-arch: build install
 	dh_testdir
 	dh_testroot
-	dh_clean -k
+	dh_prep
+	#dh_clean -k
 	dh_installdirs
 	dh_installinit
 	dh_installman
-# install the files into debian/tmp.
-	cp -r ./usr/ ./debian/tmp	
-	cp -r ./ndpi-dev/* ./debian/ndpi-dev/
-	-find ./debian/tmp -name .svn -exec /bin/rm -rf {} ';'
-	-find ./debian/tmp -executable -type f |xargs strip
 	dh_link
 	dh_strip
 	dh_compress
 	dh_fixperms
 	dh_installdeb
+	mkdir -p ./debian/ndpi ./debian/ndpi-dev
+	cp -r ./debian/ndpi-tmp/*     ./debian/ndpi/
+	cp -r ./debian/ndpi-dev-tmp/* ./debian/ndpi-dev/
+	-find ./debian/ndpi -executable -type f | xargs strip
 	dh_gencontrol
 	dh_md5sums
 	dh_builddeb
diff --git a/packages/version.sh b/packages/version.sh
new file mode 100755
index 000000000..4ef853249
--- /dev/null
+++ b/packages/version.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+SCRIPTPATH="$(cd "$(dirname "$0")"; pwd -P)"
+RELEASE="$(cd ${SCRIPTPATH}; cat ../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev)"
+MAJOR_RELEASE="$(cd ${SCRIPTPATH}; cat ../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev|cut -d. -f1)"
+REVISION="$(cd ${SCRIPTPATH}; git rev-list --all |wc -l | tr -d '[[:space:]]')"
+
+get_release() {
+	echo "${RELEASE}"
+	exit 0
+}
+
+get_major_release() {
+	echo "${MAJOR_RELEASE}"
+	exit 0
+}
+
+get_revision() {
+	echo "${REVISION}"
+	exit 0
+}
+
+get_version() {
+	echo "${RELEASE}-${REVISION}"
+	exit 0
+}
+
+case "$1" in
+  --release)
+	get_release;
+	;;
+  --major-release)
+	get_major_release;
+	;;
+  --revision)
+	get_revision;
+	;;
+  --version)
+	get_version;
+	;;
+  *)
+	echo "Usage: ${0} {--release|--major-release|--revision|--version}"
+	exit 1
+esac
+
+exit 0
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 16ac45de0..e57f3a568 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -213,11 +213,13 @@ extern "C" {
    *
    * @par    ndpi_struct  = the detection module
    * @par    flow         = the flow given for the detection module
+   * @par    enable_guess = guess protocol if unknown
    * @return the detected protocol even if the flow is not completed;
    *
    */
   ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct,
-				      struct ndpi_flow_struct *flow);
+				      struct ndpi_flow_struct *flow,
+				      u_int8_t enable_guess);
 
   /**
    * Processes an extra packet in order to get more information for a given protocol
@@ -326,6 +328,7 @@ extern "C" {
    * Search and return the protocol guessed that is undetected
    *
    * @par    ndpi_struct  = the detection module
+   * @par    flow         = the flow we're trying to guess, NULL if not available
    * @par    proto        = the l4 protocol number
    * @par    shost        = source address in host byte order
    * @par    sport        = source port number
@@ -335,6 +338,7 @@ extern "C" {
    *
    */
   ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
+					       struct ndpi_flow_struct *flow,
 					       u_int8_t proto,
 					       u_int32_t shost,
 					       u_int16_t sport,
@@ -346,6 +350,7 @@ extern "C" {
    * @par    ndpi_struct         = the detection module
    * @par    string_to_match     = the string to match
    * @par    string_to_match_len = the length of the string
+   * @par    ret_match           = completed returned match information
    * @par    is_host_match       = value of the second field of struct ndpi_automa
    * @return the ID of the matched subprotocol
    *
@@ -353,6 +358,7 @@ extern "C" {
   int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 				    char *string_to_match,
 				    u_int string_to_match_len,
+				    ndpi_protocol_match_result *ret_match,
 				    u_int8_t is_host_match);
   /**
    * Check if the host passed match with a protocol
@@ -361,6 +367,7 @@ extern "C" {
    * @par    flow                = the flow where match the host
    * @par    string_to_match     = the string to match
    * @par    string_to_match_len = the length of the string
+   * @par    ret_match           = completed returned match information
    * @par    master_protocol_id  = value of the ID associated to the master protocol detected
    * @return the ID of the matched subprotocol
    *
@@ -369,6 +376,7 @@ extern "C" {
 				  struct ndpi_flow_struct *flow,
 				  char *string_to_match,
 				  u_int string_to_match_len,
+				  ndpi_protocol_match_result *ret_match,
 				  u_int16_t master_protocol_id);
 
 
@@ -379,6 +387,7 @@ extern "C" {
    * @par    flow                = the flow where match the host
    * @par    string_to_match     = the string to match
    * @par    string_to_match_len = the length of the string
+   * @par    ret_match           = completed returned match information
    * @par    master_protocol_id  = value of the ID associated to the master protocol detected
    * @return the ID of the matched subprotocol
    *
@@ -387,6 +396,7 @@ extern "C" {
 				     struct ndpi_flow_struct *flow,
 				     char *string_to_match,
 				     u_int string_to_match_len,
+				     ndpi_protocol_match_result *ret_match,
 				     u_int16_t master_protocol_id);
   /**
    * Exclude protocol from search
@@ -427,6 +437,20 @@ extern "C" {
 			   ndpi_protocol proto, char *buf, u_int buf_len);
 
   /**
+   * Same as ndpi_protocol2name() with the difference that the numeric protocol
+   * name is returned
+   *
+   * @par     ndpi_mod      = the detection module
+   * @par     proto         = the struct ndpi_protocol contain the protocols name
+   * @par     buf           = the buffer to write the name of the protocols
+   * @par     buf_len       = the length of the buffer
+   * @return  the buffer contains the master_protocol and protocol name
+   *
+   */
+  char* ndpi_protocol2id(struct ndpi_detection_module_struct *ndpi_mod,
+			 ndpi_protocol proto, char *buf, u_int buf_len);
+
+  /**
    * Find out if a given category is custom/user-defined
    *
    * @par     category      = the category associated to the protocol
@@ -606,7 +630,7 @@ extern "C" {
   void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct,
 		       void* automa);
 
-#ifdef NDPI_PROTOCOL_HTTP
+/* NDPI_PROTOCOL_HTTP */
   /**
    * Retrieve information for HTTP flows
    *
@@ -639,9 +663,8 @@ extern "C" {
   */
   char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod,
 				   struct ndpi_flow_struct *flow);
-#endif
 
-#ifdef NDPI_PROTOCOL_TOR
+/* NDPI_PROTOCOL_TOR */
   /**
    * Check if the flow could be detected as TOR protocol
    *
@@ -654,7 +677,6 @@ extern "C" {
    */
   int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct,
 		      struct ndpi_flow_struct *flow, char *certificate);
-#endif
 
   /* Wrappers functions */
   /**
@@ -717,9 +739,14 @@ extern "C" {
   int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct,
 				  char *name, ndpi_protocol_category_t category);
   int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct);
+  int ndpi_fill_ip_protocol_category(struct ndpi_detection_module_struct *ndpi_struct,
+				 const struct ndpi_iphdr *iph,
+				 ndpi_protocol *ret);
   void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct,
 				   struct ndpi_flow_struct *flow,
 				   ndpi_protocol *ret);
+  int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct,
+				      char *name_or_ip, unsigned long *id);
   int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod,
 				     ndpi_detection_preference pref,
 				     int value);
@@ -752,6 +779,14 @@ extern "C" {
   void * ndpi_calloc(unsigned long count, size_t size);
   void ndpi_free(void *ptr);
   u_int8_t ndpi_get_api_version();
+
+  /* https://github.com/corelight/community-id-spec */
+  int ndpi_flowv4_flow_hash(u_int8_t l4_proto, u_int32_t src_ip, u_int32_t dst_ip, u_int16_t src_port, u_int16_t dst_port,
+			    u_int8_t icmp_type, u_int8_t icmp_code, u_char *hash_buf, u_int8_t hash_buf_len);
+  int ndpi_flowv6_flow_hash(u_int8_t l4_proto, struct ndpi_in6_addr *src_ip, struct ndpi_in6_addr *dst_ip,
+			    u_int16_t src_port, u_int16_t dst_port, u_int8_t icmp_type, u_int8_t icmp_code,
+			    u_char *hash_buf, u_int8_t hash_buf_len);
+  
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in
index a641c7b66..a73e03bc5 100644
--- a/src/include/ndpi_define.h.in
+++ b/src/include/ndpi_define.h.in
@@ -231,11 +231,11 @@
 # define NDPI_LOG_DBG(...) {}
 # define NDPI_LOG_DBG2(...) {}
 # else
-# define NDPI_LOG(proto, mod, log_level, args...) {}
-# define NDPI_LOG_ERR(mod, args...) {}
-# define NDPI_LOG_INFO(mod, args...) {}
-# define NDPI_LOG_DBG(mod,  args...) {}
-# define NDPI_LOG_DBG2(mod, args...) {}
+# define NDPI_LOG(proto, mod, log_level, args...) { /* printf(args); */ }
+# define NDPI_LOG_ERR(mod, args...)  { printf(args); }
+# define NDPI_LOG_INFO(mod, args...) { /* printf(args); */ }
+# define NDPI_LOG_DBG(mod,  args...) { /* printf(args); */ }
+# define NDPI_LOG_DBG2(mod, args...) { /* printf(args); */ }
 # endif
 #endif							/* NDPI_ENABLE_DEBUG_MESSAGES */
 
@@ -332,6 +332,7 @@
 #endif
 
 #define NDPI_MAX_DNS_REQUESTS                   16
+#define NDPI_MIN_NUM_STUN_DETECTION             8
 
 #define NDPI_MAJOR                              @NDPI_MAJOR@
 #define NDPI_MINOR                              @NDPI_MINOR@
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index b76335e02..e37576289 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -1,7 +1,7 @@
 /*
  * ndpi_main.h
  *
- * Copyright (C) 2011-16 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -53,34 +53,56 @@ extern "C" {
   extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst,
 				 u_int32_t net, u_int32_t num_bits);
 
-  u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-
-  u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-  u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-  u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-  u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-  u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+  u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str,
+					    u_int16_t max_chars_to_read,
+					    u_int16_t * bytes_read);
+
+  u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read,
+				      u_int16_t * bytes_read);
+  u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read,
+					u_int16_t * bytes_read);
+  u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str,
+						 u_int16_t max_chars_to_read,
+						 u_int16_t * bytes_read);
+  u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str,
+						   u_int16_t max_chars_to_read,
+						   u_int16_t * bytes_read);
+  u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read,
+				    u_int16_t * bytes_read);
 
   void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
 				  struct ndpi_flow_struct *flow,
 				  u_int16_t upper_detected_protocol,
 				  u_int16_t lower_detected_protocol);
 
-  extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
-  extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+  extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct,
+					  struct ndpi_flow_struct *flow);
+  extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct,
+					      struct ndpi_flow_struct *flow);
 
-  extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter);
+  extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct,
+						struct ndpi_flow_struct *flow, u_int16_t counter);
 
-  extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
+  extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct,
+					      struct ndpi_flow_struct *flow,
 					      u_int16_t upper_detected_protocol,
 					      u_int16_t lower_detected_protocol);
-  extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
+  extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
+				       struct ndpi_flow_struct *flow,
 				       u_int16_t upper_detected_protocol,
 				       u_int16_t lower_detected_protocol);
-  extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId,
-				      u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName,
+  extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct,
+				       struct ndpi_flow_struct *flow,
+				       ndpi_protocol_category_t protocol_category);
+
+  extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
+				      ndpi_protocol_breed_t protoBreed, u_int16_t protoId,
+				      u_int8_t can_have_a_subprotocol,
+				      u_int16_t tcp_alias_protoId[2],
+				      u_int16_t udp_alias_protoId[2], char *protoName,
 				      ndpi_protocol_category_t protoCategory,
-				      ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts);
+				      ndpi_port_range *tcpDefPorts,
+				      ndpi_port_range *udpDefPorts);
 
   extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet);
   extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow);
@@ -90,24 +112,27 @@ extern "C" {
   extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
   extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
 
-  extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip);
-  extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet);
+  extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct,
+				  const ndpi_ip_addr_t * ip);
+  extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct,
+					     const struct ndpi_packet_struct *packet);
   extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id);
   u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name);
 
   extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
+					  struct ndpi_flow_struct *flow,
 					  u_int8_t proto, u_int16_t sport, u_int16_t dport,
 					  u_int8_t *user_defined_proto);
 
   extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto);
 
   extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p);
-  extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id,
+  extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct,
+					       u_int16_t protocol_id,
 					       u_int16_t** tcp_master_proto,
 					       u_int16_t** udp_master_proto);
-#ifdef NDPI_PROTOCOL_NETBIOS
+  #/* NDPI_PROTOCOL_NETBIOS */
   int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len);
-#endif
   
 #ifdef NDPI_ENABLE_DEBUG_MESSAGES
   void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct,
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index d04722b8d..14f1810ed 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -33,262 +33,265 @@
 #define NDPI_DETECTION_SUPPORT_IPV6
 #define NDPI_PROTOCOL_SIZE                  2
 
-#define NDPI_PROTOCOL_UNKNOWN               0
+typedef enum {
+  NDPI_PROTOCOL_UNKNOWN               = 0,
+  NDPI_PROTOCOL_FTP_CONTROL           = 1, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_MAIL_POP              = 2,
+  NDPI_PROTOCOL_MAIL_SMTP             = 3,
+  NDPI_PROTOCOL_MAIL_IMAP             = 4,
+  NDPI_PROTOCOL_DNS                   = 5,
+  NDPI_PROTOCOL_IPP                   = 6,
+  NDPI_PROTOCOL_HTTP                  = 7,
+  NDPI_PROTOCOL_MDNS                  = 8,
+  NDPI_PROTOCOL_NTP                   = 9,
+  NDPI_PROTOCOL_NETBIOS               = 10,
+  NDPI_PROTOCOL_NFS                   = 11,
+  NDPI_PROTOCOL_SSDP                  = 12,
+  NDPI_PROTOCOL_BGP                   = 13,
+  NDPI_PROTOCOL_SNMP                  = 14,
+  NDPI_PROTOCOL_XDMCP                 = 15,
+  NDPI_PROTOCOL_SMBV1                 = 16, /* SMB version 1 */
+  NDPI_PROTOCOL_SYSLOG                = 17,
+  NDPI_PROTOCOL_DHCP                  = 18,
+  NDPI_PROTOCOL_POSTGRES              = 19,
+  NDPI_PROTOCOL_MYSQL                 = 20,
+  NDPI_PROTOCOL_HOTMAIL               = 21,
+  NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK  = 22,
+  NDPI_PROTOCOL_MAIL_POPS             = 23,
+  NDPI_PROTOCOL_APPLEJUICE            = 24,
+  NDPI_PROTOCOL_DIRECTCONNECT         = 25,
+  NDPI_PROTOCOL_NTOP                  = 26,
+  NDPI_PROTOCOL_COAP                  = 27,
+  NDPI_PROTOCOL_VMWARE                = 28,
+  NDPI_PROTOCOL_MAIL_SMTPS            = 29,
+  NDPI_PROTOCOL_FBZERO                = 30,
+  NDPI_PROTOCOL_UBNTAC2               = 31, /* Ubiquity UBNT AirControl = 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */
+  NDPI_PROTOCOL_KONTIKI               = 32,
+  NDPI_PROTOCOL_OPENFT                = 33,
+  NDPI_PROTOCOL_FASTTRACK             = 34,
+  NDPI_PROTOCOL_GNUTELLA              = 35,
+  NDPI_PROTOCOL_EDONKEY               = 36, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_BITTORRENT            = 37,
+  NDPI_PROTOCOL_SKYPE_CALL            = 38, /* Skype call and videocalls */
+  NDPI_PROTOCOL_SIGNAL                = 39,
+  NDPI_PROTOCOL_MEMCACHED             = 40, /* Memcached - Darryl Sokoloski <darryl@egloo.ca> */
+  NDPI_PROTOCOL_SMBV23                = 41, /* SMB version 2/3 */  
+  NDPI_PROTOCOL_MINING                = 42, /* Bitcoin, Ethereum, ZCash, Monero */
+  NDPI_PROTOCOL_NEST_LOG_SINK         = 43, /* Nest Log Sink (Nest Protect) - Darryl Sokoloski <darryl@egloo.ca> */
+  
+  NDPI_PROTOCOL_FREE_44               = 44, /* Free */
+  NDPI_PROTOCOL_FREE_45               = 45, /* Free */
+  NDPI_PROTOCOL_FREE_46               = 46, /* Free */
+  
+  NDPI_PROTOCOL_XBOX                  = 47,
+  NDPI_PROTOCOL_QQ                    = 48,
+  NDPI_PROTOCOL_FREE_49               = 49, /* Free */
+  NDPI_PROTOCOL_RTSP                  = 50,
+  NDPI_PROTOCOL_MAIL_IMAPS            = 51,
+  NDPI_PROTOCOL_ICECAST               = 52,
+  NDPI_PROTOCOL_PPLIVE                = 53, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_PPSTREAM              = 54,
+  NDPI_PROTOCOL_ZATTOO                = 55,
+  NDPI_PROTOCOL_SHOUTCAST             = 56,
+  NDPI_PROTOCOL_SOPCAST               = 57,
+  NDPI_PROTOCOL_TVANTS                = 58,
+  NDPI_PROTOCOL_TVUPLAYER             = 59,
+  NDPI_PROTOCOL_HTTP_DOWNLOAD         = 60,
+  NDPI_PROTOCOL_QQLIVE                = 61,
+  NDPI_PROTOCOL_THUNDER               = 62,
+  NDPI_PROTOCOL_SOULSEEK              = 63,
+  NDPI_PROTOCOL_SSL_NO_CERT           = 64,
+  NDPI_PROTOCOL_IRC                   = 65,
+  NDPI_PROTOCOL_AYIYA                 = 66,
+  NDPI_PROTOCOL_UNENCRYPTED_JABBER    = 67,
+  NDPI_PROTOCOL_MSN                   = 68,
+  NDPI_PROTOCOL_OSCAR                 = 69,
+  NDPI_PROTOCOL_YAHOO                 = 70,
+  NDPI_PROTOCOL_BATTLEFIELD           = 71,
+  NDPI_PROTOCOL_GOOGLE_PLUS           = 72,
+  NDPI_PROTOCOL_IP_VRRP               = 73,
+  NDPI_PROTOCOL_STEAM                 = 74, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_HALFLIFE2             = 75,
+  NDPI_PROTOCOL_WORLDOFWARCRAFT       = 76,
+  NDPI_PROTOCOL_TELNET                = 77,
+  NDPI_PROTOCOL_STUN                  = 78,
+  NDPI_PROTOCOL_IP_IPSEC              = 79,
+  NDPI_PROTOCOL_IP_GRE                = 80,
+  NDPI_PROTOCOL_IP_ICMP               = 81,
+  NDPI_PROTOCOL_IP_IGMP               = 82,
+  NDPI_PROTOCOL_IP_EGP                = 83,
+  NDPI_PROTOCOL_IP_SCTP               = 84,
+  NDPI_PROTOCOL_IP_OSPF               = 85,
+  NDPI_PROTOCOL_IP_IP_IN_IP           = 86,
+  NDPI_PROTOCOL_RTP                   = 87,
+  NDPI_PROTOCOL_RDP                   = 88,
+  NDPI_PROTOCOL_VNC                   = 89,
+  NDPI_PROTOCOL_PCANYWHERE            = 90,
+  NDPI_PROTOCOL_SSL                   = 91,
+  NDPI_PROTOCOL_SSH                   = 92,
+  NDPI_PROTOCOL_USENET                = 93,
+  NDPI_PROTOCOL_MGCP                  = 94,
+  NDPI_PROTOCOL_IAX                   = 95,
+  NDPI_PROTOCOL_TFTP                  = 96,
+  NDPI_PROTOCOL_AFP                   = 97,
+  NDPI_PROTOCOL_STEALTHNET            = 98,
+  NDPI_PROTOCOL_AIMINI                = 99,
+  NDPI_PROTOCOL_SIP                   = 100,
+  NDPI_PROTOCOL_TRUPHONE              = 101,
+  NDPI_PROTOCOL_IP_ICMPV6             = 102,
+  NDPI_PROTOCOL_DHCPV6                = 103,
+  NDPI_PROTOCOL_ARMAGETRON            = 104,
+  NDPI_PROTOCOL_CROSSFIRE             = 105,
+  NDPI_PROTOCOL_DOFUS                 = 106,
+  NDPI_PROTOCOL_FIESTA                = 107,
+  NDPI_PROTOCOL_FLORENSIA             = 108,
+  NDPI_PROTOCOL_GUILDWARS             = 109,
+  NDPI_PROTOCOL_HTTP_ACTIVESYNC       = 110,
+  NDPI_PROTOCOL_KERBEROS              = 111,
+  NDPI_PROTOCOL_LDAP                  = 112,
+  NDPI_PROTOCOL_MAPLESTORY            = 113,
+  NDPI_PROTOCOL_MSSQL_TDS             = 114,
+  NDPI_PROTOCOL_PPTP                  = 115,
+  NDPI_PROTOCOL_WARCRAFT3             = 116,
+  NDPI_PROTOCOL_WORLD_OF_KUNG_FU      = 117,
+  NDPI_PROTOCOL_SLACK                 = 118,
+  NDPI_PROTOCOL_FACEBOOK              = 119,
+  NDPI_PROTOCOL_TWITTER               = 120,
+  NDPI_PROTOCOL_DROPBOX               = 121,
+  NDPI_PROTOCOL_GMAIL                 = 122,
+  NDPI_PROTOCOL_GOOGLE_MAPS           = 123,
+  NDPI_PROTOCOL_YOUTUBE               = 124,
+  NDPI_PROTOCOL_SKYPE                 = 125,
+  NDPI_PROTOCOL_GOOGLE                = 126,
+  NDPI_PROTOCOL_DCERPC                = 127,
+  NDPI_PROTOCOL_NETFLOW               = 128,
+  NDPI_PROTOCOL_SFLOW                 = 129,
+  NDPI_PROTOCOL_HTTP_CONNECT          = 130,
+  NDPI_PROTOCOL_HTTP_PROXY            = 131,
+  NDPI_PROTOCOL_CITRIX                = 132, /* It also includes the old NDPI_PROTOCOL_CITRIX_ONLINE */
+  NDPI_PROTOCOL_NETFLIX               = 133,
+  NDPI_PROTOCOL_LASTFM                = 134,
+  NDPI_PROTOCOL_WAZE                  = 135,
+  NDPI_PROTOCOL_YOUTUBE_UPLOAD        = 136, /* Upload files to youtube */
+  NDPI_PROTOCOL_GENERIC               = 137, /* Generic protocol used for category matching */
+  NDPI_PROTOCOL_CHECKMK               = 138,
+  NDPI_PROTOCOL_AJP                   = 139, /* Leonn Paiva <leonn.paiva@gmail.com> */
+  NDPI_PROTOCOL_APPLE                 = 140,
+  NDPI_PROTOCOL_WEBEX                 = 141,
+  NDPI_PROTOCOL_WHATSAPP              = 142,
+  NDPI_PROTOCOL_APPLE_ICLOUD          = 143,
+  NDPI_PROTOCOL_VIBER                 = 144,
+  NDPI_PROTOCOL_APPLE_ITUNES          = 145,
+  NDPI_PROTOCOL_RADIUS                = 146,
+  NDPI_PROTOCOL_WINDOWS_UPDATE        = 147,
+  NDPI_PROTOCOL_TEAMVIEWER            = 148, /* xplico.org */
+  NDPI_PROTOCOL_TUENTI                = 149,
+  NDPI_PROTOCOL_LOTUS_NOTES           = 150,
+  NDPI_PROTOCOL_SAP                   = 151,
+  NDPI_PROTOCOL_GTP                   = 152,
+  NDPI_PROTOCOL_UPNP                  = 153,
+  NDPI_PROTOCOL_LLMNR                 = 154,
+  NDPI_PROTOCOL_REMOTE_SCAN           = 155,
+  NDPI_PROTOCOL_SPOTIFY               = 156,
+  NDPI_PROTOCOL_MESSENGER             = 157,
+  NDPI_PROTOCOL_H323                  = 158, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_OPENVPN               = 159, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_NOE                   = 160, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_CISCOVPN              = 161, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_TEAMSPEAK             = 162, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_TOR                   = 163, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_SKINNY                = 164, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_RTCP                  = 165, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_RSYNC                 = 166, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_ORACLE                = 167, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_CORBA                 = 168, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_UBUNTUONE             = 169, /* Remy Mudingay <mudingay@ill.fr> */
+  NDPI_PROTOCOL_WHOIS_DAS             = 170,
+  NDPI_PROTOCOL_COLLECTD              = 171,
+  NDPI_PROTOCOL_SOCKS                 = 172, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_NINTENDO              = 173,
+  NDPI_PROTOCOL_RTMP                  = 174, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_FTP_DATA              = 175, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_WIKIPEDIA             = 176, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_ZMQ                   = 177,
+  NDPI_PROTOCOL_AMAZON                = 178, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_EBAY                  = 179, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_CNN                   = 180, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_MEGACO                = 181, /* Gianluca Costa <g.costa@xplico.org> */
+  NDPI_PROTOCOL_REDIS                 = 182,
+  NDPI_PROTOCOL_PANDO                 = 183, /* Tomasz Bujlow <tomasz@skatnet.dk> */
+  NDPI_PROTOCOL_VHUA                  = 184,
+  NDPI_PROTOCOL_TELEGRAM              = 185, /* Gianluca Costa <g.costa@xplico.org> */
+  NDPI_PROTOCOL_VEVO                  = 186,
+  NDPI_PROTOCOL_PANDORA               = 187,
+  NDPI_PROTOCOL_QUIC                  = 188, /* Andrea Buscarinu <andrea.buscarinu@gmail.com> - Michele Campus <michelecampus5@gmail.com> */
+  NDPI_PROTOCOL_WHATSAPP_VOICE        = 189,
+  NDPI_PROTOCOL_EAQ                   = 190,
+  NDPI_PROTOCOL_OOKLA                 = 191,
+  NDPI_PROTOCOL_AMQP                  = 192,
+  NDPI_PROTOCOL_KAKAOTALK             = 193, /* KakaoTalk Chat (no voice call) */
+  NDPI_PROTOCOL_KAKAOTALK_VOICE       = 194, /* KakaoTalk Voice */
+  NDPI_PROTOCOL_TWITCH                = 195, /* Edoardo Dominici <edoaramis@gmail.com> */
+  NDPI_PROTOCOL_FREE_196              = 196, /* Free */
+  NDPI_PROTOCOL_WECHAT                = 197,
+  NDPI_PROTOCOL_MPEGTS                = 198,
+  NDPI_PROTOCOL_SNAPCHAT              = 199,
+  NDPI_PROTOCOL_SINA                  = 200,
+  NDPI_PROTOCOL_HANGOUT               = 201,
+  NDPI_PROTOCOL_IFLIX                 = 202, /* www.vizuamatix.com R&D team & M.Mallawaarachchie <manoj_ws@yahoo.com> */
+  NDPI_PROTOCOL_GITHUB                = 203,
+  NDPI_PROTOCOL_BJNP                  = 204,
+  NDPI_PROTOCOL_FREE_205              = 205, /* Free */
+  NDPI_PROTOCOL_VIDTO                 = 206,
+  NDPI_PROTOCOL_SMPP                  = 207, /* Damir Franusic <df@release14.org> */
+  NDPI_PROTOCOL_DNSCRYPT              = 208,
+  NDPI_PROTOCOL_TINC                  = 209, /* William Guglielmo <william@deselmo.com> */
+  NDPI_PROTOCOL_DEEZER                = 210,
+  NDPI_PROTOCOL_INSTAGRAM             = 211, /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */
+  NDPI_PROTOCOL_MICROSOFT             = 212,
+  NDPI_PROTOCOL_STARCRAFT             = 213, /* Matteo Bracci <matteobracci1@gmail.com> */
+  NDPI_PROTOCOL_TEREDO                = 214,
+  NDPI_PROTOCOL_HOTSPOT_SHIELD        = 215,
+  NDPI_PROTOCOL_HEP                   = 216, /* sipcapture.org QXIP BV */
+  NDPI_PROTOCOL_GOOGLE_DRIVE          = 217,
+  NDPI_PROTOCOL_OCS                   = 218,
+  NDPI_PROTOCOL_OFFICE_365            = 219,
+  NDPI_PROTOCOL_CLOUDFLARE            = 220,
+  NDPI_PROTOCOL_MS_ONE_DRIVE          = 221,
+  NDPI_PROTOCOL_MQTT                  = 222,
+  NDPI_PROTOCOL_RX                    = 223,
+  NDPI_PROTOCOL_APPLESTORE            = 224,
+  NDPI_PROTOCOL_OPENDNS               = 225,
+  NDPI_PROTOCOL_GIT                   = 226,
+  NDPI_PROTOCOL_DRDA                  = 227,
+  NDPI_PROTOCOL_PLAYSTORE             = 228,
+  NDPI_PROTOCOL_SOMEIP                = 229,
+  NDPI_PROTOCOL_FIX                   = 230,
+  NDPI_PROTOCOL_PLAYSTATION           = 231,
+  NDPI_PROTOCOL_PASTEBIN              = 232, /* Paulo Angelo <pa@pauloangelo.com> */
+  NDPI_PROTOCOL_LINKEDIN              = 233, /* Paulo Angelo <pa@pauloangelo.com> */
+  NDPI_PROTOCOL_SOUNDCLOUD            = 234,
+  NDPI_PROTOCOL_CSGO                  = 235, /* Counter-Strike Global Offensive, Dota = 2 */
+  NDPI_PROTOCOL_LISP	              = 236,
+  NDPI_PROTOCOL_DIAMETER	      = 237,
+  NDPI_PROTOCOL_APPLE_PUSH            = 238,
+  NDPI_PROTOCOL_GOOGLE_SERVICES       = 239,
+  NDPI_PROTOCOL_AMAZON_VIDEO          = 240,
+  NDPI_PROTOCOL_GOOGLE_DOCS           = 241,
+  NDPI_PROTOCOL_WHATSAPP_FILES        = 242, /* Videos, pictures, voice messages... */
+  /*
+    IMPORTANT
+    before allocating a new identifier please fill up
+    one of those named NDPI_PROTOCOL_FREE_XXX and not used
+    (placeholders to avoid protocol renumbering)
+  */
+  
+  
+  /* IMPORTANT:NDPI_LAST_IMPLEMENTED_PROTOCOL MUST BE THE LAST ELEMENT */
+  NDPI_LAST_IMPLEMENTED_PROTOCOL
+} ndpi_protocol_id_t;
 
-#define NDPI_PROTOCOL_NO_MASTER_PROTO      NDPI_PROTOCOL_UNKNOWN
-
-#define NDPI_PROTOCOL_UNKNOWN               0
-#define NDPI_PROTOCOL_FTP_CONTROL           1 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_MAIL_POP              2
-#define NDPI_PROTOCOL_MAIL_SMTP             3
-#define NDPI_PROTOCOL_MAIL_IMAP             4
-#define NDPI_PROTOCOL_DNS                   5
-#define NDPI_PROTOCOL_IPP                   6
-#define NDPI_PROTOCOL_HTTP                  7
-#define NDPI_PROTOCOL_MDNS                  8
-#define NDPI_PROTOCOL_NTP                   9
-#define NDPI_PROTOCOL_NETBIOS               10
-#define NDPI_PROTOCOL_NFS                   11
-#define NDPI_PROTOCOL_SSDP                  12
-#define NDPI_PROTOCOL_BGP                   13
-#define NDPI_PROTOCOL_SNMP                  14
-#define NDPI_PROTOCOL_XDMCP                 15
-#define NDPI_PROTOCOL_SMB                   16
-#define NDPI_PROTOCOL_SYSLOG                17
-#define NDPI_PROTOCOL_DHCP                  18
-#define NDPI_PROTOCOL_POSTGRES              19
-#define NDPI_PROTOCOL_MYSQL                 20
-#define NDPI_PROTOCOL_HOTMAIL               21
-#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK  22
-#define NDPI_PROTOCOL_MAIL_POPS             23
-#define NDPI_PROTOCOL_APPLEJUICE            24
-#define NDPI_PROTOCOL_DIRECTCONNECT         25
-#define NDPI_PROTOCOL_NTOP                  26
-#define NDPI_PROTOCOL_COAP                  27
-#define NDPI_PROTOCOL_VMWARE                28
-#define NDPI_PROTOCOL_MAIL_SMTPS            29
-#define NDPI_PROTOCOL_FBZERO                30
-#define NDPI_PROTOCOL_UBNTAC2               31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */
-#define NDPI_PROTOCOL_KONTIKI               32
-#define NDPI_PROTOCOL_OPENFT                33
-#define NDPI_PROTOCOL_FASTTRACK             34
-#define NDPI_PROTOCOL_GNUTELLA              35
-#define NDPI_PROTOCOL_EDONKEY               36 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_BITTORRENT            37
-#define NDPI_PROTOCOL_SKYPE_CALL_OUT        38
-#define NDPI_PROTOCOL_MUSICALLY             39
-
-/* 40..46 are free */
-#define NDPI_PROTOCOL_FREE_40               40
-#define NDPI_PROTOCOL_FREE_41               41
-#define NDPI_PROTOCOL_FREE_42               42
-#define NDPI_PROTOCOL_FREE_43               43
-#define NDPI_PROTOCOL_FREE_44               44
-#define NDPI_PROTOCOL_FREE_45               45
-#define NDPI_PROTOCOL_FREE_46               46
-
-#define NDPI_PROTOCOL_XBOX                  47
-#define NDPI_PROTOCOL_QQ                    48
-#define NDPI_PROTOCOL_SKYPE_CALL_IN         49
-#define NDPI_PROTOCOL_RTSP                  50
-#define NDPI_PROTOCOL_MAIL_IMAPS            51
-#define NDPI_PROTOCOL_ICECAST               52
-#define NDPI_PROTOCOL_PPLIVE                53 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_PPSTREAM              54
-#define NDPI_PROTOCOL_ZATTOO                55
-#define NDPI_PROTOCOL_SHOUTCAST             56
-#define NDPI_PROTOCOL_SOPCAST               57
-#define NDPI_PROTOCOL_TVANTS                58
-#define NDPI_PROTOCOL_TVUPLAYER             59
-#define NDPI_PROTOCOL_HTTP_DOWNLOAD         60
-#define NDPI_PROTOCOL_QQLIVE                61
-#define NDPI_PROTOCOL_THUNDER               62
-#define NDPI_PROTOCOL_SOULSEEK              63
-#define NDPI_PROTOCOL_SSL_NO_CERT           64
-#define NDPI_PROTOCOL_IRC                   65
-#define NDPI_PROTOCOL_AYIYA                 66
-#define NDPI_PROTOCOL_UNENCRYPTED_JABBER    67
-#define NDPI_PROTOCOL_MSN                   68
-#define NDPI_PROTOCOL_OSCAR                 69
-#define NDPI_PROTOCOL_YAHOO                 70
-#define NDPI_PROTOCOL_BATTLEFIELD           71
-#define NDPI_PROTOCOL_GOOGLE_PLUS           72
-#define NDPI_PROTOCOL_IP_VRRP               73
-#define NDPI_PROTOCOL_STEAM                 74 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_HALFLIFE2             75
-#define NDPI_PROTOCOL_WORLDOFWARCRAFT       76
-#define NDPI_PROTOCOL_TELNET                77
-#define NDPI_PROTOCOL_STUN                  78
-#define NDPI_PROTOCOL_IP_IPSEC              79
-#define NDPI_PROTOCOL_IP_GRE                80
-#define NDPI_PROTOCOL_IP_ICMP               81
-#define NDPI_PROTOCOL_IP_IGMP               82
-#define NDPI_PROTOCOL_IP_EGP                83
-#define NDPI_PROTOCOL_IP_SCTP               84
-#define NDPI_PROTOCOL_IP_OSPF               85
-#define NDPI_PROTOCOL_IP_IP_IN_IP           86
-#define NDPI_PROTOCOL_RTP                   87
-#define NDPI_PROTOCOL_RDP                   88
-#define NDPI_PROTOCOL_VNC                   89
-#define NDPI_PROTOCOL_PCANYWHERE            90
-#define NDPI_PROTOCOL_SSL                   91
-#define NDPI_PROTOCOL_SSH                   92
-#define NDPI_PROTOCOL_USENET                93
-#define NDPI_PROTOCOL_MGCP                  94
-#define NDPI_PROTOCOL_IAX                   95
-#define NDPI_PROTOCOL_TFTP                  96
-#define NDPI_PROTOCOL_AFP                   97
-#define NDPI_PROTOCOL_STEALTHNET            98
-#define NDPI_PROTOCOL_AIMINI                99
-#define NDPI_PROTOCOL_SIP                   100
-#define NDPI_PROTOCOL_TRUPHONE              101
-#define NDPI_PROTOCOL_IP_ICMPV6             102
-#define NDPI_PROTOCOL_DHCPV6                103
-#define NDPI_PROTOCOL_ARMAGETRON            104
-#define NDPI_PROTOCOL_CROSSFIRE             105
-#define NDPI_PROTOCOL_DOFUS                 106
-#define NDPI_PROTOCOL_FIESTA                107
-#define NDPI_PROTOCOL_FLORENSIA             108
-#define NDPI_PROTOCOL_GUILDWARS             109
-#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC    110 /*avoid large declarations in the future*/
-#define NDPI_PROTOCOL_KERBEROS              111
-#define NDPI_PROTOCOL_LDAP                  112
-#define NDPI_PROTOCOL_MAPLESTORY            113
-#define NDPI_PROTOCOL_MSSQL_TDS             114
-#define NDPI_PROTOCOL_PPTP                  115
-#define NDPI_PROTOCOL_WARCRAFT3             116
-#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU      117
-#define NDPI_PROTOCOL_SLACK                 118
-#define NDPI_PROTOCOL_FACEBOOK              119
-#define NDPI_PROTOCOL_TWITTER               120
-#define NDPI_PROTOCOL_DROPBOX               121
-#define NDPI_PROTOCOL_GMAIL                 122
-#define NDPI_PROTOCOL_GOOGLE_MAPS           123
-#define NDPI_PROTOCOL_YOUTUBE               124
-#define NDPI_PROTOCOL_SKYPE                 125
-#define NDPI_PROTOCOL_GOOGLE                126
-#define NDPI_PROTOCOL_DCERPC                127
-#define NDPI_PROTOCOL_NETFLOW               128
-#define NDPI_PROTOCOL_SFLOW                 129
-#define NDPI_PROTOCOL_HTTP_CONNECT          130
-#define NDPI_PROTOCOL_HTTP_PROXY            131
-#define NDPI_PROTOCOL_CITRIX                132 /* It includes also the old NDPI_PROTOCOL_CITRIX_ONLINE */
-#define NDPI_PROTOCOL_NETFLIX               133
-#define NDPI_PROTOCOL_LASTFM                134
-#define NDPI_PROTOCOL_WAZE                  135
-#define NDPI_PROTOCOL_YOUTUBE_UPLOAD        136 /* Upload files to youtube */
-#define NDPI_PROTOCOL_ICQ                   137
-#define NDPI_PROTOCOL_CHECKMK               138
-#define NDPI_PROTOCOL_AJP                   139 /* Leonn Paiva <leonn.paiva@gmail.com>*/
-#define NDPI_PROTOCOL_APPLE                 140
-#define NDPI_PROTOCOL_WEBEX                 141
-#define NDPI_PROTOCOL_WHATSAPP              142
-#define NDPI_PROTOCOL_APPLE_ICLOUD          143
-#define NDPI_PROTOCOL_VIBER                 144
-#define NDPI_PROTOCOL_APPLE_ITUNES          145
-#define NDPI_PROTOCOL_RADIUS                146
-#define NDPI_PROTOCOL_WINDOWS_UPDATE        147
-#define NDPI_PROTOCOL_TEAMVIEWER            148 /* xplico.org */
-#define NDPI_PROTOCOL_TUENTI                149
-#define NDPI_PROTOCOL_LOTUS_NOTES           150
-#define NDPI_PROTOCOL_SAP                   151
-#define NDPI_PROTOCOL_GTP                   152
-#define NDPI_PROTOCOL_UPNP                  153
-#define NDPI_PROTOCOL_LLMNR                 154
-#define NDPI_PROTOCOL_REMOTE_SCAN           155
-#define NDPI_PROTOCOL_SPOTIFY               156
-#define NDPI_PROTOCOL_MESSENGER             157
-#define NDPI_PROTOCOL_H323                  158 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_OPENVPN               159 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_NOE                   160 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_CISCOVPN              161 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_TEAMSPEAK             162 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_TOR                   163 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_SKINNY                164 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_RTCP                  165 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_RSYNC                 166 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_ORACLE                167 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_CORBA                 168 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_UBUNTUONE             169 /* Remy Mudingay <mudingay@ill.fr> */
-#define NDPI_PROTOCOL_WHOIS_DAS             170
-#define NDPI_PROTOCOL_COLLECTD              171
-#define NDPI_PROTOCOL_SOCKS                 172 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_NINTENDO              173
-#define NDPI_PROTOCOL_RTMP                  174 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_FTP_DATA              175 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_WIKIPEDIA             176 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_ZMQ                   177
-#define NDPI_PROTOCOL_AMAZON                178 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_EBAY                  179 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_CNN                   180 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_MEGACO                181 /* Gianluca Costa <g.costa@xplico.org> */
-#define NDPI_PROTOCOL_REDIS                 182
-#define NDPI_PROTOCOL_PANDO                 183 /* Tomasz Bujlow <tomasz@skatnet.dk> */
-#define NDPI_PROTOCOL_VHUA                  184
-#define NDPI_PROTOCOL_TELEGRAM              185 /* Gianluca Costa <g.costa@xplico.org> */
-#define NDPI_PROTOCOL_VEVO                  186
-#define NDPI_PROTOCOL_PANDORA               187
-#define NDPI_PROTOCOL_QUIC                  188 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> - Michele Campus <michelecampus5@gmail.com> */
-#define NDPI_PROTOCOL_WHATSAPP_VOICE        189
-#define NDPI_PROTOCOL_EAQ                   190
-#define NDPI_PROTOCOL_OOKLA                 191
-#define NDPI_PROTOCOL_AMQP                  192
-#define NDPI_PROTOCOL_KAKAOTALK             193 /* KakaoTalk Chat (no voice call) */
-#define NDPI_PROTOCOL_KAKAOTALK_VOICE       194 /* KakaoTalk Voice */
-#define NDPI_PROTOCOL_TWITCH                195 /* Edoardo Dominici <edoaramis@gmail.com> */
-#define NDPI_PROTOCOL_QUICKPLAY             196 /* Streaming service used by various services such as hooq.tv */
-#define NDPI_PROTOCOL_WECHAT                197
-#define NDPI_PROTOCOL_MPEGTS                198
-#define NDPI_PROTOCOL_SNAPCHAT              199
-#define NDPI_PROTOCOL_SINA                  200
-#define NDPI_PROTOCOL_HANGOUT               201
-#define NDPI_PROTOCOL_IFLIX                 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie <manoj_ws@yahoo.com> */
-#define NDPI_PROTOCOL_GITHUB                203
-#define NDPI_PROTOCOL_BJNP                  204
-#define NDPI_PROTOCOL_1KXUN                 205
-#define NDPI_PROTOCOL_IQIYI                 206
-#define NDPI_PROTOCOL_SMPP                  207 /* Damir Franusic <df@release14.org> */
-#define NDPI_PROTOCOL_DNSCRYPT              208
-#define NDPI_PROTOCOL_TINC                  209 /* William Guglielmo <william@deselmo.com> */
-#define NDPI_PROTOCOL_DEEZER                210
-#define NDPI_PROTOCOL_INSTAGRAM             211 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */
-#define NDPI_PROTOCOL_MICROSOFT             212
-#define NDPI_PROTOCOL_STARCRAFT             213 /* Matteo Bracci <matteobracci1@gmail.com> */
-#define NDPI_PROTOCOL_TEREDO                214
-#define NDPI_PROTOCOL_HOTSPOT_SHIELD        215
-#define NDPI_PROTOCOL_HEP                   216 /* sipcapture.org QXIP BV */
-#define NDPI_PROTOCOL_GOOGLE_DRIVE          217
-#define NDPI_PROTOCOL_OCS                   218
-#define NDPI_PROTOCOL_OFFICE_365            219
-#define NDPI_PROTOCOL_CLOUDFLARE            220
-#define NDPI_PROTOCOL_MS_ONE_DRIVE          221
-#define NDPI_PROTOCOL_MQTT                  222
-#define NDPI_PROTOCOL_RX                    223
-#define NDPI_PROTOCOL_APPLESTORE            224
-#define NDPI_PROTOCOL_OPENDNS               225
-#define NDPI_PROTOCOL_GIT                   226
-#define NDPI_PROTOCOL_DRDA                  227
-#define NDPI_PROTOCOL_PLAYSTORE             228
-#define NDPI_PROTOCOL_SOMEIP                229
-#define NDPI_PROTOCOL_FIX                   230
-#define NDPI_PROTOCOL_PLAYSTATION           231
-#define NDPI_PROTOCOL_PASTEBIN              232 /* Paulo Angelo <pa@pauloangelo.com> */
-#define NDPI_PROTOCOL_LINKEDIN              233 /* Paulo Angelo <pa@pauloangelo.com> */
-#define NDPI_PROTOCOL_SOUNDCLOUD            234
-#define NDPI_PROTOCOL_CSGO                  235 /* Counter-Strike Global Offensive, Dota 2 */
-#define NDPI_PROTOCOL_LISP	            236
-#define NDPI_PROTOCOL_DIAMETER	            237
-#define NDPI_PROTOCOL_APPLE_PUSH            238
-#define NDPI_PROTOCOL_GOOGLE_SERVICES       239
-#define NDPI_PROTOCOL_AMAZON_VIDEO          240
-#define NDPI_PROTOCOL_GOOGLE_DOCS           241
-#define NDPI_PROTOCOL_WHATSAPP_FILES        242 /* Videos, pictures, voice messages... */
-#define NDPI_PROTOCOL_VIDTO                 243 /* VidTO streaming service */
-#define NDPI_PROTOCOL_RAPIDVIDEO            244 /* RapidVideo streaming */
-
-/* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL              NDPI_PROTOCOL_RAPIDVIDEO
-
-#define NDPI_MAX_SUPPORTED_PROTOCOLS                (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
-#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS               (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
+#define NDPI_PROTOCOL_NO_MASTER_PROTO    NDPI_PROTOCOL_UNKNOWN
+#define NDPI_MAX_SUPPORTED_PROTOCOLS     NDPI_LAST_IMPLEMENTED_PROTOCOL
+#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS    (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
 #endif
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index f08b1de73..5349237d4 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -203,6 +203,8 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct n
 void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_ajp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_memcached(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_nest_log_sink(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 /* --- INIT FUNCTIONS --- */
 void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
@@ -259,6 +261,7 @@ void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
@@ -322,6 +325,7 @@ void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_upnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
@@ -356,4 +360,7 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_fbzero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 #endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 77440b5c7..294af22b3 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -25,9 +25,7 @@
 #define __NDPI_TYPEDEFS_H__
 
 #include "ndpi_define.h"
-
-#define BT_ANNOUNCE
-#define SNAP_EXT
+#include "ndpi_protocol_ids.h"
 
 /* NDPI_LOG_LEVEL */
 typedef enum {
@@ -308,8 +306,7 @@ struct ndpi_icmphdr {
 /* ******************* ********************* ****************** */
 /* ************************************************************ */
 
-#ifdef NDPI_PROTOCOL_BITTORRENT
-
+/* NDPI_PROTOCOL_BITTORRENT */
 typedef struct spinlock {
   volatile int    val;
 } spinlock_t;
@@ -348,9 +345,8 @@ struct bt_announce {              // 192 bytes
   u_int8_t		name_len,
     name[192 - 4*10 - 2 - 1];     // 149 bytes
 };
-#endif
 
-#ifdef NDPI_PROTOCOL_TINC
+/* NDPI_PROTOCOL_TINC */
 #define TINC_CACHE_MAX_SIZE 10
 
 PACK_ON struct tinc_cache_entry {
@@ -359,8 +355,6 @@ PACK_ON struct tinc_cache_entry {
   u_int16_t dst_port;
 } PACK_OFF;
 
-#endif
-
 typedef enum {
   HTTP_METHOD_UNKNOWN = 0,
   HTTP_METHOD_OPTIONS,
@@ -381,227 +375,230 @@ struct ndpi_id_struct {
      to compare this, use:
   **/
   NDPI_PROTOCOL_BITMASK detected_protocol_bitmask;
-#ifdef NDPI_PROTOCOL_RTSP
+/* NDPI_PROTOCOL_RTSP */
   ndpi_ip_addr_t rtsp_ip_address;
-#endif
-#ifdef NDPI_PROTOCOL_SIP
-#ifdef NDPI_PROTOCOL_YAHOO
+
+/* NDPI_PROTOCOL_YAHOO */
   u_int32_t yahoo_video_lan_timer;
-#endif
-#endif
+
   /* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */
-#ifdef NDPI_PROTOCOL_IRC
+/* NDPI_PROTOCOL_IRC */
 #define NDPI_PROTOCOL_IRC_MAXPORT 8
   u_int16_t irc_port[NDPI_PROTOCOL_IRC_MAXPORT];
   u_int32_t last_time_port_used[NDPI_PROTOCOL_IRC_MAXPORT];
   u_int32_t irc_ts;
-#endif
-#ifdef NDPI_PROTOCOL_GNUTELLA
+
+/* NDPI_PROTOCOL_GNUTELLA */
   u_int32_t gnutella_ts;
-#endif
-#ifdef NDPI_PROTOCOL_BATTLEFIELD
+
+/* NDPI_PROTOCOL_BATTLEFIELD */
   u_int32_t battlefield_ts;
-#endif
-#ifdef NDPI_PROTOCOL_THUNDER
+
+/* NDPI_PROTOCOL_THUNDER */
   u_int32_t thunder_ts;
-#endif
-#ifdef NDPI_PROTOCOL_RTSP
+
+/* NDPI_PROTOCOL_RTSP */
   u_int32_t rtsp_timer;
-#endif
-#ifdef NDPI_PROTOCOL_OSCAR
+
+/* NDPI_PROTOCOL_OSCAR */
   u_int32_t oscar_last_safe_access_time;
-#endif
-#ifdef NDPI_PROTOCOL_ZATTOO
+
+/* NDPI_PROTOCOL_ZATTOO */
   u_int32_t zattoo_ts;
-#endif
-#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER
+
+/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */
   u_int32_t jabber_stun_or_ft_ts;
-#endif
-#ifdef NDPI_PROTOCOL_DIRECTCONNECT
+
+/* NDPI_PROTOCOL_DIRECTCONNECT */
   u_int32_t directconnect_last_safe_access_time;
-#endif
-#ifdef NDPI_PROTOCOL_SOULSEEK
+
+/* NDPI_PROTOCOL_SOULSEEK */
   u_int32_t soulseek_last_safe_access_time;
-#endif
-#ifdef NDPI_PROTOCOL_DIRECTCONNECT
+
+/* NDPI_PROTOCOL_DIRECTCONNECT */
   u_int16_t detected_directconnect_port;
   u_int16_t detected_directconnect_udp_port;
   u_int16_t detected_directconnect_ssl_port;
-#endif
-#ifdef NDPI_PROTOCOL_BITTORRENT
+
+/* NDPI_PROTOCOL_BITTORRENT */
 #define NDPI_BT_PORTS 8
   u_int16_t bt_port_t[NDPI_BT_PORTS];
   u_int16_t bt_port_u[NDPI_BT_PORTS];
-#endif
-#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER
+
+/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */
 #define JABBER_MAX_STUN_PORTS 6
   u_int16_t jabber_voice_stun_port[JABBER_MAX_STUN_PORTS];
   u_int16_t jabber_file_transfer_port[2];
-#endif
-#ifdef NDPI_PROTOCOL_GNUTELLA
+
+/* NDPI_PROTOCOL_GNUTELLA */
   u_int16_t detected_gnutella_port;
-#endif
-#ifdef NDPI_PROTOCOL_GNUTELLA
+
+/* NDPI_PROTOCOL_GNUTELLA */
   u_int16_t detected_gnutella_udp_port1;
   u_int16_t detected_gnutella_udp_port2;
-#endif
-#ifdef NDPI_PROTOCOL_SOULSEEK
+
+/* NDPI_PROTOCOL_SOULSEEK */
   u_int16_t soulseek_listen_port;
-#endif
-#ifdef NDPI_PROTOCOL_IRC
+
+/* NDPI_PROTOCOL_IRC */
   u_int8_t irc_number_of_port;
-#endif
-#ifdef NDPI_PROTOCOL_OSCAR
+
+/* NDPI_PROTOCOL_OSCAR */
   u_int8_t oscar_ssl_session_id[33];
-#endif
-#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER
+
+/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */
   u_int8_t jabber_voice_stun_used_ports;
-#endif
-#ifdef NDPI_PROTOCOL_SIP
-#ifdef NDPI_PROTOCOL_YAHOO
+
+/* NDPI_PROTOCOL_SIP */
+/* NDPI_PROTOCOL_YAHOO */
   u_int32_t yahoo_video_lan_dir:1;
-#endif
-#endif
-#ifdef NDPI_PROTOCOL_YAHOO
+
+/* NDPI_PROTOCOL_YAHOO */
   u_int32_t yahoo_conf_logged_in:1;
   u_int32_t yahoo_voice_conf_logged_in:1;
-#endif
-#ifdef NDPI_PROTOCOL_RTSP
+
+/* NDPI_PROTOCOL_RTSP */
   u_int32_t rtsp_ts_set:1;
-#endif
 };
 
 /* ************************************************** */
 
 struct ndpi_flow_tcp_struct {
-#ifdef NDPI_PROTOCOL_MAIL_SMTP
+/* NDPI_PROTOCOL_MAIL_SMTP */
   u_int16_t smtp_command_bitmask;
-#endif
-#ifdef NDPI_PROTOCOL_MAIL_POP
+
+/* NDPI_PROTOCOL_MAIL_POP */
   u_int16_t pop_command_bitmask;
-#endif
-#ifdef NDPI_PROTOCOL_QQ
+
+/* NDPI_PROTOCOL_QQ */
   u_int16_t qq_nxt_len;
-#endif
-#ifdef NDPI_PROTOCOL_TDS
+
+  /* NDPI_PROTOCOL_WHATSAPP */
+  u_int8_t wa_matched_so_far;
+  
+/* NDPI_PROTOCOL_TDS */
   u_int8_t tds_login_version;
-#endif
-#ifdef NDPI_PROTOCOL_IRC
+
+/* NDPI_PROTOCOL_IRC */
   u_int8_t irc_stage;
   u_int8_t irc_port;
-#endif
   
-#ifdef NDPI_PROTOCOL_H323
+/* NDPI_PROTOCOL_H323 */
   u_int8_t h323_valid_packets;
-#endif
-#ifdef NDPI_PROTOCOL_GNUTELLA
+
+/* NDPI_PROTOCOL_GNUTELLA */
   u_int8_t gnutella_msg_id[3];
-#endif
-#ifdef NDPI_PROTOCOL_IRC
+
+/* NDPI_PROTOCOL_IRC */
   u_int32_t irc_3a_counter:3;
   u_int32_t irc_stage2:5;
   u_int32_t irc_direction:2;
   u_int32_t irc_0x1000_full:1;
-#endif
-#ifdef NDPI_PROTOCOL_SOULSEEK
+
+/* NDPI_PROTOCOL_SOULSEEK */
   u_int32_t soulseek_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_TDS
+
+/* NDPI_PROTOCOL_TDS */
   u_int32_t tds_stage:3;
-#endif
-#ifdef NDPI_PROTOCOL_USENET
+
+/* NDPI_PROTOCOL_USENET */
   u_int32_t usenet_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_IMESH
+
+/* NDPI_PROTOCOL_IMESH */
   u_int32_t imesh_stage:4;
-#endif
-#ifdef NDPI_PROTOCOL_HTTP
+
+/* NDPI_PROTOCOL_HTTP */
   u_int32_t http_setup_dir:2;
   u_int32_t http_stage:2;
   u_int32_t http_empty_line_seen:1;
   u_int32_t http_wait_for_retransmission:1;
-#endif
-#ifdef NDPI_PROTOCOL_GNUTELLA
+
+/* NDPI_PROTOCOL_GNUTELLA */
   u_int32_t gnutella_stage:2;		       // 0 - 2
-#endif
-#ifdef NDPI_CONTENT_MMS
+
+/* NDPI_CONTENT_MMS */
   u_int32_t mms_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_YAHOO
+
+/* NDPI_PROTOCOL_YAHOO */
   u_int32_t yahoo_sip_comm:1;
   u_int32_t yahoo_http_proxy_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_MSN
+
+/* NDPI_PROTOCOL_MSN */
   u_int32_t msn_stage:3;
   u_int32_t msn_ssl_ft:2;
-#endif
-#ifdef NDPI_PROTOCOL_SSH
+
+/* NDPI_PROTOCOL_SSH */
   u_int32_t ssh_stage:3;
-#endif
-#ifdef NDPI_PROTOCOL_VNC
+
+/* NDPI_PROTOCOL_VNC */
   u_int32_t vnc_stage:2;			// 0 - 3
-#endif
-#ifdef NDPI_PROTOCOL_TELNET
+
+/* NDPI_PROTOCOL_TELNET */
   u_int32_t telnet_stage:2;			// 0 - 2
-#endif
-#ifdef NDPI_PROTOCOL_SSL
-  u_int8_t ssl_stage:2, ssl_seen_client_cert:1, ssl_seen_server_cert:1; // 0 - 5
-#endif
-#ifdef NDPI_PROTOCOL_POSTGRES
+
+/* NDPI_PROTOCOL_SSL */
+  u_int8_t ssl_seen_client_cert:1, ssl_seen_server_cert:1, ssl_stage:2; // 0 - 5
+
+/* NDPI_PROTOCOL_POSTGRES */
   u_int32_t postgres_stage:3;
-#endif
-#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK
+
+/* NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK */
   u_int32_t ddlink_server_direction:1;
-#endif
   u_int32_t seen_syn:1;
   u_int32_t seen_syn_ack:1;
   u_int32_t seen_ack:1;
-#ifdef NDPI_PROTOCOL_ICECAST
+  
+/* NDPI_PROTOCOL_ICECAST */
   u_int32_t icecast_stage:1;
-#endif
-#ifdef NDPI_PROTOCOL_DOFUS
+
+/* NDPI_PROTOCOL_DOFUS */
   u_int32_t dofus_stage:1;
-#endif
-#ifdef NDPI_PROTOCOL_FIESTA
+
+/* NDPI_PROTOCOL_FIESTA */
   u_int32_t fiesta_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT
+
+/* NDPI_PROTOCOL_WORLDOFWARCRAFT */
   u_int32_t wow_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV
+
+/* NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV */
   u_int32_t veoh_tv_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_SHOUTCAST
+
+/* NDPI_PROTOCOL_SHOUTCAST */
   u_int32_t shoutcast_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_RTP
+
+/* NDPI_PROTOCOL_RTP */
   u_int32_t rtp_special_packets_seen:1;
-#endif
-#ifdef NDPI_PROTOCOL_MAIL_POP
+
+/* NDPI_PROTOCOL_MAIL_POP */
   u_int32_t mail_pop_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_MAIL_IMAP
+
+/* NDPI_PROTOCOL_MAIL_IMAP */
   u_int32_t mail_imap_stage:3, mail_imap_starttls:2;
-#endif
-#ifdef NDPI_PROTOCOL_SKYPE
+
+/* NDPI_PROTOCOL_SKYPE */
   u_int8_t skype_packet_id;
-#endif
-#ifdef NDPI_PROTOCOL_CITRIX
+
+/* NDPI_PROTOCOL_CITRIX */
   u_int8_t citrix_packet_id;
-#endif
-#ifdef NDPI_PROTOCOL_LOTUS_NOTES
+
+/* NDPI_PROTOCOL_LOTUS_NOTES */
   u_int8_t lotus_notes_packet_id;
-#endif
-#ifdef NDPI_PROTOCOL_TEAMVIEWER
+
+/* NDPI_PROTOCOL_TEAMVIEWER */
   u_int8_t teamviewer_stage;
-#endif
-#ifdef NDPI_PROTOCOL_ZMQ
+
+/* NDPI_PROTOCOL_ZMQ */
   u_int8_t prev_zmq_pkt_len;
   u_char prev_zmq_pkt[10];
-#endif
-#ifdef NDPI_PROTOCOL_PPSTREAM
+
+/* NDPI_PROTOCOL_PPSTREAM */
   u_int32_t ppstream_stage:3;
-#endif
+
+/* NDPI_PROTOCOL_MEMCACHED */
+  u_int8_t memcached_matches;
+
+/* NDPI_PROTOCOL_NEST_LOG_SINK */
+  u_int8_t nest_log_sink_matches;
 }
 #ifndef WIN32
   __attribute__ ((__packed__))
@@ -611,50 +608,52 @@ struct ndpi_flow_tcp_struct {
 /* ************************************************** */
 
 struct ndpi_flow_udp_struct {
-#ifdef NDPI_PROTOCOL_BATTLEFIELD
+/* NDPI_PROTOCOL_BATTLEFIELD */
   u_int32_t battlefield_msg_id;
-#endif
-#ifdef NDPI_PROTOCOL_SNMP
+
+/* NDPI_PROTOCOL_SNMP */
   u_int32_t snmp_msg_id;
-#endif
-#ifdef NDPI_PROTOCOL_BATTLEFIELD
+
+/* NDPI_PROTOCOL_BATTLEFIELD */
   u_int32_t battlefield_stage:3;
-#endif
-#ifdef NDPI_PROTOCOL_SNMP
+
+/* NDPI_PROTOCOL_SNMP */
   u_int32_t snmp_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_PPSTREAM
+
+/* NDPI_PROTOCOL_PPSTREAM */
   u_int32_t ppstream_stage:3;		  // 0 - 7
-#endif
-#ifdef NDPI_PROTOCOL_HALFLIFE2
+
+/* NDPI_PROTOCOL_HALFLIFE2 */
   u_int32_t halflife2_stage:2;		  // 0 - 2
-#endif
-#ifdef NDPI_PROTOCOL_TFTP
+
+/* NDPI_PROTOCOL_TFTP */
   u_int32_t tftp_stage:1;
-#endif
-#ifdef NDPI_PROTOCOL_AIMINI
+
+/* NDPI_PROTOCOL_AIMINI */
   u_int32_t aimini_stage:5;
-#endif
-#ifdef NDPI_PROTOCOL_XBOX
+
+/* NDPI_PROTOCOL_XBOX */
   u_int32_t xbox_stage:1;
-#endif
-#ifdef NDPI_PROTOCOL_WINDOWS_UPDATE
+
+/* NDPI_PROTOCOL_WINDOWS_UPDATE */
   u_int32_t wsus_stage:1;
-#endif
-#ifdef NDPI_PROTOCOL_SKYPE
+
+/* NDPI_PROTOCOL_SKYPE */
   u_int8_t skype_packet_id;
-#endif
-#ifdef NDPI_PROTOCOL_TEAMVIEWER
+
+/* NDPI_PROTOCOL_TEAMVIEWER */
   u_int8_t teamviewer_stage;
-#endif
-#ifdef NDPI_PROTOCOL_EAQ
+
+/* NDPI_PROTOCOL_EAQ */
   u_int8_t eaq_pkt_id;
   u_int32_t eaq_sequence;
-#endif
-#ifdef NDPI_PROTOCOL_RX
+
+/* NDPI_PROTOCOL_RX */
   u_int32_t rx_conn_epoch;
   u_int32_t rx_conn_id;
-#endif
+
+/* NDPI_PROTOCOL_MEMCACHED */
+  u_int8_t memcached_matches;
 }
 #ifndef WIN32
   __attribute__ ((__packed__))
@@ -684,7 +683,6 @@ struct ndpi_packet_struct {
   u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
   u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_SIZE];
 
-
 #ifndef WIN32
   __attribute__ ((__packed__))
 #endif
@@ -799,12 +797,23 @@ typedef enum {
   NDPI_CONTENT_CATEGORY_WINDOWSMEDIA,
   NDPI_CONTENT_CATEGORY_WEBM,
 
-  /* Out custom categories */
-  CUSTOM_CATEGORY_MINING        = 99,
-  CUSTOM_CATEGORY_MALWARE       = 100,
-  CUSTOM_CATEGORY_ADVERTISEMENT = 101,
-  CUSTOM_CATEGORY_BANNED_SITE   = 102,
-  
+  /* Some custom categories */
+  CUSTOM_CATEGORY_MINING           = 99,
+  CUSTOM_CATEGORY_MALWARE          = 100,
+  CUSTOM_CATEGORY_ADVERTISEMENT    = 101,
+  CUSTOM_CATEGORY_BANNED_SITE      = 102,
+  CUSTOM_CATEGORY_SITE_UNAVAILABLE = 103,
+
+  /*
+    IMPORTANT
+
+    Please keep in sync with
+
+    static const char* categories[] = { ..}
+
+    in ndpi_main.c
+  */
+    
   NDPI_PROTOCOL_NUM_CATEGORIES /*
 				 NOTE: Keep this as last member
 				 Unused as value but useful to getting the number of elements
@@ -817,13 +826,14 @@ typedef enum {
   ndpi_pref_dns_dissect_response,
   ndpi_pref_direction_detect_disable,
   ndpi_pref_disable_metadata_export,
-  ndpi_pref_enable_category_substring_match,
+  ndpi_pref_enable_category_substring_match
 } ndpi_detection_preference;
   
 /* ntop extensions */
 typedef struct ndpi_proto_defaults {
   char *protoName;
   ndpi_protocol_category_t protoCategory;
+  u_int8_t can_have_a_subprotocol;
   u_int16_t protoId, protoIdx;
   u_int16_t master_tcp_protoId[2], master_udp_protoId[2]; /* The main protocols on which this sub-protocol sits on */
   ndpi_protocol_breed_t protoBreed;
@@ -842,6 +852,11 @@ typedef struct _ndpi_automa {
 } ndpi_automa;
 
 typedef struct ndpi_proto {
+  /*
+    Note
+    below we do not use ndpi_protocol_id_t as users can define their own
+    custom protocols and thus the typedef could be too short in size.
+  */
   u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */;
   ndpi_protocol_category_t category;
 } ndpi_protocol;
@@ -851,15 +866,25 @@ typedef struct ndpi_proto {
 #define NUM_CUSTOM_CATEGORIES      5
 #define CUSTOM_CATEGORY_LABEL_LEN 32
 
+#ifdef NDPI_LIB_COMPILATION
+
+/* Needed to have access to HAVE_* defines */
+#include "ndpi_config.h"
+
 #ifdef HAVE_HYPERSCAN
+#include <hs/hs.h>
+
 struct hs_list {
-  char *expression;
-  unsigned int id;
-  struct hs_list *next;
+    char *expression;
+    unsigned int id;
+    struct hs_list *next;
 };
-#endif
 
-#ifdef NDPI_LIB_COMPILATION
+struct hs {
+  hs_database_t *database;
+  hs_scratch_t  *scratch;
+};
+#endif
 
 struct ndpi_detection_module_struct {
   NDPI_PROTOCOL_BITMASK detection_bitmask;
@@ -961,19 +986,21 @@ struct ndpi_detection_module_struct {
   char ip_string[NDPI_IP_STRING_SIZE];
 #endif
   u_int8_t ip_version_limit;
-#ifdef NDPI_PROTOCOL_BITTORRENT
+/* NDPI_PROTOCOL_BITTORRENT */
   struct hash_ip4p_table *bt_ht;
 #ifdef NDPI_DETECTION_SUPPORT_IPV6
   struct hash_ip4p_table *bt6_ht;
 #endif
-#ifdef BT_ANNOUNCE
+
+/* BT_ANNOUNCE */
   struct bt_announce *bt_ann;
   int    bt_ann_len;
-#endif
-#endif
-#ifdef NDPI_PROTOCOL_TINC
+
+  /* NDPI_PROTOCOL_OOKLA */
+  void *ookla_cache;
+
+  /* NDPI_PROTOCOL_TINC */
   struct cache *tinc_cache;
-#endif
 
   ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS];
 
@@ -985,7 +1012,8 @@ struct ndpi_detection_module_struct {
   
   void *hyperscan; /* Intel Hyperscan */
 };
-#endif
+  
+#endif /* NDPI_LIB_COMPILATION */
 
 struct ndpi_flow_struct {
   u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
@@ -996,7 +1024,6 @@ struct ndpi_flow_struct {
 
   /* init parameter, internal used to set up timestamp,... */
   u_int16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category;
-
   u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1;
 
   /*
@@ -1007,6 +1034,8 @@ struct ndpi_flow_struct {
 
   u_int8_t max_extra_packets_to_check;
   u_int8_t num_extra_packets_checked;
+  u_int8_t num_processed_pkts; /* <= WARNING it can wrap but we do expect people to giveup earlier */
+  
   int (*extra_packets_func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow);
 
   /*
@@ -1055,7 +1084,7 @@ struct ndpi_flow_struct {
 
     struct {
       struct {
-	char client_certificate[48], server_certificate[48];
+	char client_certificate[64], server_certificate[64];
       } ssl;
       
       struct {
@@ -1099,97 +1128,94 @@ struct ndpi_flow_struct {
 
   /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */
   NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask;
- 
 
-#ifdef NDPI_PROTOCOL_REDIS
+  ndpi_protocol_category_t category;
+  
+/* NDPI_PROTOCOL_REDIS */
   u_int8_t redis_s2d_first_char, redis_d2s_first_char;
-#endif
+  
   u_int16_t packet_counter;		      // can be 0 - 65000
   u_int16_t packet_direction_counter[2];
   u_int16_t byte_counter[2];
-#ifdef NDPI_PROTOCOL_BITTORRENT
+/* NDPI_PROTOCOL_BITTORRENT */
   u_int8_t bittorrent_stage;		      // can be 0 - 255
-#endif
-#ifdef NDPI_PROTOCOL_DIRECTCONNECT
+
+/* NDPI_PROTOCOL_DIRECTCONNECT */
   u_int32_t directconnect_stage:2;	      // 0 - 1
-#endif
-#ifdef NDPI_PROTOCOL_SIP
-#ifdef NDPI_PROTOCOL_YAHOO
+
+/* NDPI_PROTOCOL_YAHOO */
   u_int32_t sip_yahoo_voice:1;
-#endif
-#endif
-#ifdef NDPI_PROTOCOL_HTTP
+
+/* NDPI_PROTOCOL_HTTP */
   u_int32_t http_detected:1;
-#endif
-#ifdef NDPI_PROTOCOL_RTSP
+
+/* NDPI_PROTOCOL_RTSP */
   u_int32_t rtsprdt_stage:2;
   u_int32_t rtsp_control_flow:1;
-#endif
-#ifdef NDPI_PROTOCOL_YAHOO
+
+/* NDPI_PROTOCOL_YAHOO */
   u_int32_t yahoo_detection_finished:2;
-#endif
-#ifdef NDPI_PROTOCOL_ZATTOO
+
+/* NDPI_PROTOCOL_ZATTOO */
   u_int32_t zattoo_stage:3;
-#endif
-#ifdef NDPI_PROTOCOL_QQ
+
+/* NDPI_PROTOCOL_QQ */
   u_int32_t qq_stage:3;
-#endif
-#ifdef NDPI_PROTOCOL_THUNDER
+
+/* NDPI_PROTOCOL_THUNDER */
   u_int32_t thunder_stage:2;		        // 0 - 3
-#endif
-#ifdef NDPI_PROTOCOL_OSCAR
+  
+/* NDPI_PROTOCOL_OSCAR */
   u_int32_t oscar_ssl_voice_stage:3;
   u_int32_t oscar_video_voice:1;
-#endif
-#ifdef NDPI_PROTOCOL_FLORENSIA
+
+/* NDPI_PROTOCOL_FLORENSIA */
   u_int32_t florensia_stage:1;
-#endif
-#ifdef NDPI_PROTOCOL_SOCKS
+
+/* NDPI_PROTOCOL_SOCKS */
   u_int32_t socks5_stage:2;	                // 0 - 3
   u_int32_t socks4_stage:2;	                // 0 - 3
-#endif
-#ifdef NDPI_PROTOCOL_EDONKEY
+
+/* NDPI_PROTOCOL_EDONKEY */
   u_int32_t edonkey_stage:2;	                // 0 - 3
-#endif
-#ifdef NDPI_PROTOCOL_FTP_CONTROL
+
+/* NDPI_PROTOCOL_FTP_CONTROL */
   u_int32_t ftp_control_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_RTMP
+
+/* NDPI_PROTOCOL_RTMP */
   u_int32_t rtmp_stage:2;
-#endif
-#ifdef NDPI_PROTOCOL_PANDO
+
+/* NDPI_PROTOCOL_PANDO */
   u_int32_t pando_stage:3;
-#endif
-#ifdef NDPI_PROTOCOL_STEAM
+
+/* NDPI_PROTOCOL_STEAM */
   u_int32_t steam_stage:3;
   u_int32_t steam_stage1:3;			// 0 - 4
   u_int32_t steam_stage2:2;			// 0 - 2
   u_int32_t steam_stage3:2;			// 0 - 2
-#endif
-#ifdef NDPI_PROTOCOL_PPLIVE
+
+/* NDPI_PROTOCOL_PPLIVE */
   u_int32_t pplive_stage1:3;			// 0 - 6
   u_int32_t pplive_stage2:2;			// 0 - 2
   u_int32_t pplive_stage3:2;			// 0 - 2
-#endif
-#ifdef NDPI_PROTOCOL_STARCRAFT
+
+/* NDPI_PROTOCOL_STARCRAFT */
   u_int32_t starcraft_udp_stage : 3;	// 0-7
-#endif
-#ifdef NDPI_PROTOCOL_OPENVPN
+
+/* NDPI_PROTOCOL_OPENVPN */
   u_int8_t ovpn_session_id[8];
   u_int8_t ovpn_counter;
-#endif
-#ifdef NDPI_PROTOCOL_TINC
+
+/* NDPI_PROTOCOL_TINC */
   u_int8_t tinc_state;
   struct tinc_cache_entry tinc_cache_entry;
-#endif
-#ifdef NDPI_PROTOCOL_CSGO
+
+/* NDPI_PROTOCOL_CSGO */
   u_int8_t csgo_strid[18],csgo_state,csgo_s2;
   u_int32_t csgo_id2;
-#endif
 
-#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI)
+/* NDPI_PROTOCOL_1KXUN || NDPI_PROTOCOL_IQIYI */
   u_int16_t kxun_counter, iqiyi_counter;
-#endif
 
   /* internal structures to save functions calls */
   struct ndpi_packet_struct packet;
@@ -1201,7 +1227,7 @@ struct ndpi_flow_struct {
 typedef struct {
   char *string_to_match, *string2_to_match, *pattern_to_match, *proto_name;
   int protocol_id;
-  ndpi_protocol_category_t proto_category;
+  ndpi_protocol_category_t protocol_category;
   ndpi_protocol_breed_t protocol_breed;
 } ndpi_protocol_match;
 
@@ -1211,4 +1237,10 @@ typedef struct {
   u_int8_t value;
 } ndpi_network;
 
-#endif/* __NDPI_TYPEDEFS_H__ */
+typedef struct {
+  int protocol_id;
+  ndpi_protocol_category_t protocol_category;
+  ndpi_protocol_breed_t protocol_breed;
+} ndpi_protocol_match_result;
+
+#endif /* __NDPI_TYPEDEFS_H__ */
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
deleted file mode 100644
index 10a54c719..000000000
--- a/src/lib/Makefile.am
+++ /dev/null
@@ -1,181 +0,0 @@
-lib_LTLIBRARIES = libndpi.la
-
-CFLAGS += -fPIC -DPIC -DNDPI_LIB_COMPILATION # --coverage
-libndpi_la_CPPFLAGS = -I$(top_srcdir)/src/include/  -I$(top_srcdir)/src/lib/third_party/include/ @HS_INC@
-libndpi_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(top_srcdir)/libndpi.sym
-
-libndpi_la_includedir = $(includedir)/libndpi-@VERSION@/libndpi
-
-libndpi_la_include_HEADERS = ../include/ndpi_api.h          \
-			     ../include/ndpi_define.h       \
-			     ../include/ndpi_main.h         \
-			     ../include/ndpi_includes.h     \
-			     ../include/ndpi_config.h       \
-			     ../include/ndpi_protocol_ids.h \
-			     ../include/ndpi_protocols.h    \
-			     ../include/ndpi_typedefs.h     \
-			     third_party/include/libcache.h
-
-libndpi_la_SOURCES = ndpi_content_match.c.inc \
-		     ndpi_main.c \
-		     protocols/afp.c \
-		     protocols/ajp.c \
-		     protocols/aimini.c \
-		     protocols/applejuice.c \
-		     protocols/apple_push.c \
-		     protocols/armagetron.c \
-		     protocols/ayiya.c \
-		     protocols/amqp.c \
-		     protocols/battlefield.c \
-		     protocols/bgp.c \
-		     protocols/bittorrent.c \
-		     protocols/bjnp.c \
-		     protocols/checkmk.c \
-		     protocols/ciscovpn.c \
-		     protocols/citrix.c \
-		     protocols/coap.c \
-		     protocols/collectd.c \
-		     protocols/corba.c \
-		     protocols/crossfire.c \
-		     protocols/csgo.c \
-		     protocols/dcerpc.c \
-		     protocols/dhcp.c \
-		     protocols/dhcpv6.c \
-		     protocols/diameter.c \
-		     protocols/directconnect.c \
-		     protocols/directdownloadlink.c \
-		     protocols/dns.c \
-		     protocols/dofus.c \
-		     protocols/drda.c \
-		     protocols/dropbox.c \
-		     protocols/eaq.c \
-		     protocols/edonkey.c \
-		     protocols/fasttrack.c \
-		     protocols/fbzero.c \
-		     protocols/fiesta.c \
-		     protocols/fix.c \
-		     protocols/florensia.c \
-		     protocols/ftp_control.c \
-		     protocols/ftp_data.c \
-		     protocols/git.c \
-		     protocols/gnutella.c \
-		     protocols/gtp.c \
-		     protocols/guildwars.c \
-		     protocols/hangout.c \
-		     protocols/h323.c \
-		     protocols/halflife2_and_mods.c \
-		     protocols/hep.c \
-		     protocols/http_activesync.c \
-		     protocols/http.c \
-		     protocols/iax.c \
-		     protocols/icecast.c \
-		     protocols/ipp.c \
-		     protocols/irc.c \
-		     protocols/jabber.c \
-		     protocols/kakaotalk_voice.c \
-		     protocols/kerberos.c \
-		     protocols/kontiki.c \
-		     protocols/ldap.c \
-		     protocols/lotus_notes.c \
-		     protocols/lisp.c \
-		     protocols/mail_imap.c \
-		     protocols/mail_pop.c \
-		     protocols/mail_smtp.c \
-		     protocols/maplestory.c \
-		     protocols/mdns.c \
-		     protocols/megaco.c \
-		     protocols/mgcp.c \
-		     protocols/mpegts.c \
-		     protocols/mqtt.c \
-		     protocols/msn.c \
-		     protocols/mssql_tds.c \
-		     protocols/mysql.c \
-		     protocols/netbios.c \
-		     protocols/netflow.c \
-		     protocols/nintendo.c \
-		     protocols/nfs.c \
-		     protocols/noe.c \
-		     protocols/non_tcp_udp.c \
-		     protocols/ntp.c \
-		     protocols/openft.c \
-		     protocols/openvpn.c \
-		     protocols/oracle.c \
-		     protocols/oscar.c \
-		     protocols/pando.c \
-		     protocols/pcanywhere.c \
-		     protocols/postgres.c \
-		     protocols/pplive.c \
-		     protocols/ppstream.c \
-		     protocols/pptp.c \
-		     protocols/qq.c \
-		     protocols/quic.c \
-		     protocols/radius.c \
-		     protocols/rdp.c \
-		     protocols/redis_net.c \
-		     protocols/rsync.c \
-		     protocols/rtcp.c \
-		     protocols/rtmp.c \
-		     protocols/rtp.c \
-		     protocols/rtsp.c \
-		     protocols/rx.c \
-		     protocols/sflow.c \
-		     protocols/shoutcast.c \
-		     protocols/sip.c \
-		     protocols/skinny.c \
-		     protocols/skype.c \
-		     protocols/smb.c \
-		     protocols/snmp.c \
-		     protocols/socks45.c \
-		     protocols/sopcast.c \
-		     protocols/soulseek.c \
-		     protocols/spotify.c \
-		     protocols/ssdp.c \
-		     protocols/ssh.c \
-		     protocols/ssl.c \
-		     protocols/starcraft.c \
-		     protocols/stealthnet.c \
-		     protocols/steam.c \
-		     protocols/stun.c \
-		     protocols/syslog.c \
-		     protocols/tcp_udp.c \
-		     protocols/teamspeak.c \
-		     protocols/teamviewer.c \
-		     protocols/telegram.c \
-		     protocols/telnet.c \
-		     protocols/tftp.c \
-		     protocols/thunder.c \
-		     protocols/tor.c \
-		     protocols/teredo.c \
-		     protocols/tvants.c \
-		     protocols/tvuplayer.c \
-		     protocols/ubntac2.c \
-		     protocols/usenet.c \
-		     protocols/viber.c \
-		     protocols/vhua.c \
-		     protocols/vmware.c \
-		     protocols/vnc.c \
-		     protocols/warcraft3.c \
-		     protocols/whoisdas.c \
-		     protocols/world_of_kung_fu.c \
-		     protocols/world_of_warcraft.c \
-		     protocols/xbox.c \
-		     protocols/xdmcp.c \
-		     protocols/yahoo.c \
-		     protocols/zattoo.c \
-		     protocols/zeromq.c \
-		     protocols/smpp.c \
-		     protocols/tinc.c \
-		     protocols/someip.c \
-		     protocols/whatsapp.c \
-		     third_party/include/actypes.h \
-		     third_party/include/ahocorasick.h \
-		     third_party/include/ndpi_patricia.h \
-		     third_party/include/node.h \
-		     third_party/include/sort.h \
-		     third_party/include/libcache.h \
-		     third_party/src/ahocorasick.c \
-		     third_party/src/node.c \
-		     third_party/src/sort.c \
-		     third_party/src/libcache.c
-
-EXTRA_DIST = third_party/src/ndpi_patricia.c
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
new file mode 100644
index 000000000..0ffeb9db5
--- /dev/null
+++ b/src/lib/Makefile.in
@@ -0,0 +1,67 @@
+#
+# Simple non-autotools dependent makefile
+#
+# ./autogen.sh
+# cd src/lib
+# make Makefile
+#
+
+
+#
+# Installation directories
+#
+prefix     = /usr/local
+libdir     = ${prefix}/lib
+includedir = ${prefix}/include/ndpi
+CC         = @CC@
+CFLAGS     += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 -g
+RANLIB     = ranlib
+
+OBJECTS   = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o
+HEADERS   = $(wildcard ../include/*.h)
+NDPI_VERSION_MAJOR   = @NDPI_MAJOR@
+NDPI_LIB_STATIC      = libndpi.a
+NDPI_LIB_SHARED_BASE = libndpi.so
+NDPI_LIB_SHARED      = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@
+NDPI_LIBS            = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED)
+
+ifneq ($(OS),Windows_NT)
+OS := $(shell uname)
+endif
+
+ifeq ($(OS),Darwin)
+CC=clang
+SONAME_FLAG=
+else
+SONAME_FLAG=-Wl,-soname,$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR)
+endif
+
+all: $(NDPI_LIBS)
+
+ndpi_main.c: ndpi_content_match.c.inc
+
+$(NDPI_LIB_STATIC): $(OBJECTS)
+	   ar rc $@ $(OBJECTS)
+	   $(RANLIB) $@	       
+
+$(NDPI_LIB_SHARED): $(OBJECTS)
+	$(CC) -shared -fPIC $(SONAME_FLAG) -o $@ $(OBJECTS)
+	ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE)
+	ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR)
+
+%.o: %.c $(HEADERS) Makefile
+	$(CC) $(CFLAGS) -c $< -o $@
+
+clean:
+	/bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo $(NDPI_LIB_SHARED)
+
+distclean: clean
+	/bin/rm -f Makefile
+
+install: $(NDPI_LIBS)
+	mkdir -p $(DESTDIR)$(libdir)
+	cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/
+	ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE)
+	ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE).$(NDPI_VERSION_MAJOR)
+	mkdir -p $(DESTDIR)$(includedir)
+	cp ../include/*.h $(DESTDIR)$(includedir)
diff --git a/src/lib/Makefile.simple b/src/lib/Makefile.simple
deleted file mode 100644
index 1aae55636..000000000
--- a/src/lib/Makefile.simple
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# Simple non-autotools dependent makefile
-#
-# ./autogen.sh
-# cd src/lib
-# make -f Makefile.simple
-#
-CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION
-RANLIB=ranlib
-
-OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o
-HEADERS = $(wildcard ../include/*.h)
-
-libndpi.a: $(OBJECTS)
-	   ar rc $@ $(OBJECTS)
-	   $(RANLIB) $@	       
-	   
-%.o: %.c $(HEADERS) Makefile
-	$(CC) $(CFLAGS) -c $< -o $@
-
-clean:
-	/bin/rm -f libndpi.a $(OBJECTS)
\ No newline at end of file
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index d65565b3c..e8cc040e1 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -21,7 +21,6 @@
 /* ****************************************************** */
 
 static ndpi_network host_protocol_list[] = {
-
   /*
     SoundCloud
   */
@@ -71,7 +70,6 @@ static ndpi_network host_protocol_list[] = {
   { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_PROTOCOL_TWITTER },
   { 0xBC40E000 /* 188.64.224.0/21 */, 21, NDPI_PROTOCOL_TWITTER },
   { 0xC02C4400 /* 192.44.68.0/23 */, 23, NDPI_PROTOCOL_TWITTER },
-  { 0xC030EC00 /* 192.48.236.0/23 */, 23, NDPI_PROTOCOL_TWITTER },
   { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_PROTOCOL_TWITTER },
   { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_PROTOCOL_TWITTER },
   { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_PROTOCOL_TWITTER },
@@ -82,6 +80,8 @@ static ndpi_network host_protocol_list[] = {
   /*
     WhatsApp Inc.
   */
+  { 0x1F0D4B00 /* 31.13.75.0/24 */,     24, NDPI_PROTOCOL_WHATSAPP },
+  { 0x1F0D5600 /* 31.13.86.0/24 */,     24, NDPI_PROTOCOL_WHATSAPP },
   { 0x3216C6CC /* 50.22.198.204/30 */,  30, NDPI_PROTOCOL_WHATSAPP },
   { 0x4B7E2720 /* 75.126.39.32/27 */,   27, NDPI_PROTOCOL_WHATSAPP },
   { 0x6CA8B460 /* 108.168.180.96/27 */, 27, NDPI_PROTOCOL_WHATSAPP },
@@ -112,11 +112,12 @@ static ndpi_network host_protocol_list[] = {
     WeChat
     origin AS132203, AS132591, AS45090
   */
-
   { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT },
   { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT },
   { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT },
-  { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT },
+  { 0x67071E25 /* 103.7.30.37/32     */, 32, NDPI_PROTOCOL_WECHAT },
+  { 0XCBCDB000 /* 203.205.176.0/20   */, 20, NDPI_PROTOCOL_WECHAT },
+  { 0XCBCDC000 /* 203.205.192.0/18   */, 18, NDPI_PROTOCOL_WECHAT },
 
   /*
     OpenDNS, LLC
@@ -542,7 +543,7 @@ static ndpi_network host_protocol_list[] = {
   { 0xC0AD4000 /* 192.173.64.0/18 */, 18, NDPI_PROTOCOL_NETFLIX },
   { 0xC6266000 /* 198.38.96.0/19 */, 19, NDPI_PROTOCOL_NETFLIX },
   { 0xC62D3000 /* 198.45.48.0/20 */, 20, NDPI_PROTOCOL_NETFLIX },
-  { 0xD194D687 /* 209.148.214.135/21 */, 21, NDPI_PROTOCOL_NETFLIX }, 
+  { 0xD194D687 /* 209.148.214.135/21 */, 21, NDPI_PROTOCOL_NETFLIX },
 
   /*
     Cloudflare, Inc.
@@ -609,10 +610,10 @@ static ndpi_network host_protocol_list[] = {
   /* Teamviewer 159.122.189.32-63 */
   { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER },
 
+#if 0
   /*
     IFLIX services -by www.vizuamatix.com R&D team
   */
-
   { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX },
   { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX },
   { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX },
@@ -622,6 +623,7 @@ static ndpi_network host_protocol_list[] = {
   { 0x36C09600 /* 54.192.150.0  */, 24, NDPI_PROTOCOL_IFLIX },
   { 0x344AC0F7 /* 52.74.192.247  */, 32, NDPI_PROTOCOL_IFLIX },
   { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX },
+#endif
 
   /*
     Citrix GotoMeeting (AS16815, AS21866)
@@ -706,6 +708,7 @@ static ndpi_network host_protocol_list[] = {
   { 0x287F816D /* 40.126.129.109 */, 32, NDPI_PROTOCOL_SKYPE },
   { 0x4237DF00 /* 65.55.223.0 */, 26, NDPI_PROTOCOL_SKYPE },
   { 0x17600000 /* 23.96.0.0 */, 13, NDPI_PROTOCOL_SKYPE },
+  { 0x34724A05 /* 52.114.74.5 */, 32, NDPI_PROTOCOL_SKYPE },
 
   /*
     Blizzard Entertainment, Inc
@@ -809,11 +812,11 @@ static ndpi_network host_protocol_list[] = {
 
   /*
     Canonical Ltd (Ubuntu)
-    origin AS41231
+    origin AS41231z
   */
 
-  { 0x5BBD5800 /* 91.189.88.0/21 */, 21, NDPI_PROTOCOL_UBUNTUONE },
-  { 0xA2D52000 /* 162.213.32.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE },
+  { 0x5BBD5800 /* 91.189.88.0/21 */,   21, NDPI_PROTOCOL_UBUNTUONE },
+  { 0xA2D52000 /* 162.213.32.0/22 */,  22, NDPI_PROTOCOL_UBUNTUONE },
   { 0xB97DBC00 /* 185.125.188.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE },
 
   /*
@@ -7925,7 +7928,7 @@ static ndpi_network host_protocol_list[] = {
     Valve Corporation (Steam)
     origin AS32590
   */
-  
+
   { 0x2D79B800 /* 45.121.184.0/22 */, 22, NDPI_PROTOCOL_STEAM },
   { 0x670A7C00 /* 103.10.124.0/23 */, 23, NDPI_PROTOCOL_STEAM },
   { 0x671C3600 /* 103.28.54.0/23 */, 23, NDPI_PROTOCOL_STEAM },
@@ -7943,18 +7946,18 @@ static ndpi_network host_protocol_list[] = {
   { 0xD040C800 /* 208.64.200.0/24 */, 24, NDPI_PROTOCOL_STEAM },
   { 0xD040C900 /* 208.64.201.0/22 */, 22, NDPI_PROTOCOL_STEAM },
   { 0xD04EA400 /* 208.78.164.0/22 */, 22, NDPI_PROTOCOL_STEAM },
-  
+
   /*
     VidTO
   */
-  
-  { 0x51111030 /* 81.17.16.48/32 */, 32, NDPI_PROTOCOL_VIDTO },
+  { 0x51111030 /* 81.17.16.48/32 */, 32,  NDPI_PROTOCOL_VIDTO  },
   { 0x5fb7329d /* 95.183.50.157/32 */, 32, NDPI_PROTOCOL_VIDTO },
   { 0x577824f2 /* 87.120.36.242/32 */, 32, NDPI_PROTOCOL_VIDTO },
-  
+
   { 0x0, 0, 0 }
 };
 
+
 /* ****************************************************** */
 
 /*
@@ -8007,70 +8010,102 @@ static ndpi_network host_protocol_list[] = {
 
 */
 
+/* ****************************************************** */
+
+/*
+
+Each part of a domain name can be no longer than 63 characters. There are no single-digit top-level domains and none contain digits. It doesn't look like ICANN will approve such domains either.
+
+https://www.regular-expressions.info/email.html
+
+(?i) is to make searches case insensitive
+
+(?:) is a non-capturing group used to allow patterns such as .co.uk or .com.cn
+     The non-capturing group is used in a nested fashion to capture the
+     .co, and then, optionally, another m.
+
+*/
+
+#define TLD "(?i)(?:\\.co(?:m)?)?\\.[a-z]{2,63}$"
+
+/* ****************************************************** */
+
 ndpi_protocol_match host_match[] = {
-  { "s3.ll.dash.row.aiv-cdn.net", NULL, "s3\\.ll\\.dash\\.row\\.aiv-cdn\\.net",  "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "s3.ll.dash.row.aiv-cdn.net", NULL, "s3\\.ll\\.dash\\.row\\.aiv-cdn\\.net",          "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
   { "s3-dub.cf.dash.row.aiv-cdn.net", NULL, "s3-dub\\.cf\\.dash\\.row\\.aiv-cdn\\.net",  "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "dmqdd6hw24ucf.cloudfront.net", NULL, "dmqdd6hw24ucf\\.cloudfront\\.net",  "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "d25xi40x97liuc.cloudfront.net", NULL, "d25xi40x97liuc\\.cloudfront\\.net",  "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { ".aiv-delivery.net", NULL, "\\.aiv-delivery\\.net",                          "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "amazon.", NULL, NULL,                                 "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "amazon.com", NULL, "amazon\\.com$",                   "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "images-amazon.com", NULL, "images-amazon\\.com$",     "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { "amazonaws.com", NULL, "amazonaws\\.com$",             "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { "amazon-adsystem.com", NULL, "amazon-adsystem\\.com$", "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".cloudfront.net", NULL, "\\.cloudfront\\.net$",       "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { ".push.apple.com", NULL, NULL,          "ApplePush",        NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE },
-  { ".apple-dns.net", NULL, NULL,           "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".mzstatic.com", NULL, NULL,            "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".aaplimg.com", NULL, NULL,             "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "iosapps.itunes.apple.com", NULL, NULL, "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */
-  { "osxapps.itunes.apple.com", NULL, NULL, "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */
-  { "buy.itunes.apple.com", NULL, NULL,     "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { "su.itunes.apple.com", NULL, NULL,      "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { "se.itunes.apple.com", NULL, NULL,      "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { "myapp.itunes.apple.com", NULL, NULL,   "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { "swscan.apple.com", NULL, NULL,         "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { "itunes-apple.com", NULL, NULL,         "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { "itunes.apple.com", NULL, NULL,         "AppleiTunes",      NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "aaplimg.com", NULL, NULL,              "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { ".apple.com", NULL, NULL,               "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".icloud.com", NULL, NULL,              "AppleiCloud",      NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { ".cnn.c", NULL, NULL,                   "CNN",              NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "dmqdd6hw24ucf.cloudfront.net", NULL, "dmqdd6hw24ucf\\.cloudfront\\.net",            "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "d25xi40x97liuc.cloudfront.net", NULL, "d25xi40x97liuc\\.cloudfront\\.net",          "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".aiv-delivery.net", NULL, "\\.aiv-delivery\\.net",                                  "AmazonVideo",      NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "amazon.", NULL, NULL,                              "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "amazon.com", NULL, "amazon" TLD,                   "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "images-amazon.com", NULL, "images-amazon" TLD,     "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "amazonaws.com", NULL, "amazonaws" TLD,             "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "amazon-adsystem.com", NULL, "amazon-adsystem" TLD, "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".cloudfront.net", NULL, "\\.cloudfront" TLD,       "Amazon",           NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { ".push.apple.com", NULL, "\\.push\\.apple" TLD,                   "ApplePush",        NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE },
+  { ".apple-dns.net", NULL, "\\.apple-dns" TLD,                       "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".mzstatic.com", NULL, "\\.mzstatic" TLD,                         "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".aaplimg.com", NULL, "\\.aaplimg" TLD,                           "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "aaplimg.com", NULL, "aaplimg" TLD,                               "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { ".apple.com", NULL, "\\.apple" TLD,                               "Apple",            NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".icloud.com", NULL, "\\.icloud\\.com",                           "AppleiCloud",      NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "iosapps.itunes.apple.com", NULL, "iosapps\\.itunes\\.apple" TLD, "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */
+  { "osxapps.itunes.apple.com", NULL, "osxapps\\.itunes\\.apple" TLD, "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */
+  { "buy.itunes.apple.com", NULL, "buy\\.itunes\\.apple" TLD,         "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { "su.itunes.apple.com", NULL, "su\\.itunes\\.apple" TLD,           "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { "se.itunes.apple.com", NULL, "se\\.itunes\\.apple" TLD,           "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { "myapp.itunes.apple.com", NULL, "myapp\\.itunes\\.apple" TLD,     "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { "swscan.apple.com", NULL, "swscan\\.apple" TLD,                   "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { "itunes-apple.com", NULL, "itunes-apple" TLD,                     "AppleStore",       NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { "itunes.apple.com", NULL, "itunes\\.apple" TLD,                   "AppleiTunes",      NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "tlnk.io", NULL, "tlnk" TLD,         	                      "AppleiTunes",      NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+
+  { ".cnn.c", NULL, "\\.cnn" TLD,           "CNN",              NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
   { ".cnn.net", NULL, NULL,                 "CNN",              NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
 
-  { ".dropbox.com", NULL, NULL,             "DropBox",          NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".dropboxstatic.com", NULL, NULL,       "DropBox",          NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".dropbox-dns.com", NULL, NULL,         "DropBox",          NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
-  { "log.getdropbox.com", NULL, NULL,       "DropBox",          NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".dropbox.com", NULL, "\\.dropbox" TLD,             "DropBox",          NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".dropboxstatic.com", NULL, "\\.dropboxstatic" TLD, "DropBox",          NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".dropbox-dns.com", NULL, "\\.dropbox-dns" TLD,     "DropBox",          NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { "log.getdropbox.com", NULL, "log\\.getdropbox" TLD, "DropBox",          NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { ".ebay.", NULL, "\\.ebay" TLD,                      "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },  /* or FUN */
+  { ".ebay.com", NULL, NULL,                            "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".ebaystatic.com", NULL, "\\.ebaystatic" TLD,       "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".ebaydesc.com", NULL, "\\.ebaydesc" TLD,           "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".ebayrtm.com", NULL, "\\.ebayrtm" TLD,             "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".ebaystratus.com", NULL, "\\.ebaystratus" TLD,     "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".ebayimg.com", NULL, "\\.ebayimg" TLD,             "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
 
-  { ".ebay.", NULL, NULL,                   "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */
-  { ".ebay.com", NULL, NULL,                "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".ebaystatic.com", NULL, NULL,          "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".ebaydesc.com", NULL, NULL,            "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".ebayrtm.com", NULL, NULL,             "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".ebaystratus.com", NULL, NULL,         "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".ebayimg.com", NULL, NULL,             "eBay",             NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */
+  { ".instagram.", NULL, "\\.instagram" TLD,            "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "instagram.", NULL, "instagram" TLD,                "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".cdninstagram.com", NULL, "\\.cdninstagram" TLD,   "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+
+  { "igcdn-photos-", NULL, "igcdn-photos-",             "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "instagramimages-", NULL, "instagramimages-",       "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "instagramstatic-", NULL, "instagramstatic-",       "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
 
-  { "facebook.com", NULL, NULL,             "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "fbstatic-a.akamaihd.net", NULL, NULL,  "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".fbcdn.net", NULL, NULL,               "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "fbcdn-", NULL, NULL,                   "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".facebook.net", NULL, NULL,            "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".fbsbx.com", NULL, NULL,               "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "facebook.com", NULL, "facebook" TLD,                         "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "fbstatic-a.akamaihd.net", NULL, "fbstatic-a\\.akamaihd" TLD, "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".fbcdn.net", NULL, "\\.fbcdn" TLD,                           "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "fbcdn-", NULL, "fbcdn-",                                     "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".facebook.net", NULL, "\\.facebook" TLD,                     "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".fbsbx.com", NULL, "\\.fbsbx" TLD,                           "Facebook",         NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
 
-  { ".speedtest.net", NULL, NULL,           "Ookla",            NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE },
+  { "speedtest.", NULL, "speedtest\\." TLD,                       "Ookla",            NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE },
+  { ".ooklaserver.net", NULL, "\\.ooklaserver\\.net" TLD,         "Ookla",            NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE },
 
-  { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs",     NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE },
+  { "ntop.org", NULL, "ntop\\.org$",                     "ntop",         NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE },
 
-  { "drive-thirdparty.googleusercontent.com", NULL, NULL,       "GoogleDrive",      NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "drive.google.com",                       NULL, NULL,       "GoogleDrive",      NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { "docs.googleusercontent.com", NULL, "docs.googleusercontent" TLD,   "GoogleDocs",     NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE },
+  { "docs.google.com",            NULL, "docs.google" TLD,              "GoogleDocs",     NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { "android.clients.google.com", NULL, NULL,   "PlayStore",    NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { "ggpht.com", NULL, NULL,                    "PlayStore",    NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { "drive-thirdparty.googleusercontent.com", NULL, "drive-thirdparty\\.googleusercontent" TLD,  "GoogleDrive",      NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "drive.google.com",                       NULL, "drive.google" TLD,                          "GoogleDrive",      NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { "ntop.org", NULL, NULL,                     "ntop",         NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE },
+  { "android.clients.google.com", NULL, "android\\.clients\\.google" TLD,   "PlayStore",    NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
 
   /*
     See https://better.fyi/trackers/
@@ -8091,289 +8126,302 @@ ndpi_protocol_match host_match[] = {
     Gstatic by Google (gstatic.com)
   */
 
+
+
   /* Google Advertisements */
-  { ".googlesyndication.com", NULL, NULL,   "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
-  { "googleads.", NULL, NULL,               "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
-  { ".doubleclick.net", NULL, NULL,         "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
-  { "googleadservices.", NULL, NULL,        "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
-  { ".2mdn.net", NULL, NULL,                "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
-  { ".dmtry.com", NULL, NULL,               "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
-  { "google-analytics.", NULL, NULL,        "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
-  { "gtv1.com", NULL, NULL,                 "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-
-  /* Google Hangout */ 
-  { "images2-hangout-opensocial.googleusercontent.com", NULL, NULL, "GoogleHangout", NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".googlesyndication.com", NULL, "\\.googlesyndication" TLD,   "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
+  { "googleads.", NULL, "googleads\\.",                           "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
+  { ".doubleclick.net", NULL, "\\.doubleclick" TLD,               "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
+  { "googleadservices.", NULL, "googleadservices\\.",             "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
+  { ".2mdn.net", NULL, "\\.2mdn" TLD,                             "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
+  { ".dmtry.com", NULL, "\\.dmtry" TLD,                           "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
+  { "google-analytics.", NULL, "google-analytics\\.",             "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS },
+  { "gtv1.com", NULL, "gtv1" TLD,                                 "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+
+  /* Google Hangout */
+  { "images2-hangout-opensocial.googleusercontent.com", NULL, "images2-hangout-opensocial\\.googleusercontent" TLD, "GoogleHangout", NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
 
   /* Google Services */
-  { "googleapis.com", NULL, NULL,           "GoogleServices",   NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".googletagservices.com", NULL, NULL,   "GoogleServices",   NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { "mtalk.google.com", NULL, NULL,         "GoogleServices",   NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "googleapis.com", NULL, "googleapis" TLD,                     "GoogleServices",   NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".googletagservices.com", NULL, "\\.googletagservices" TLD,   "GoogleServices",   NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "mtalk.google.com", NULL, "mtalk\\.google" TLD,               "GoogleServices",   NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { "plus.google.com", NULL, NULL,          "GooglePlus",       NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "plus.url.google.com", NULL, NULL,      "GooglePlus",       NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "plus.google.com", NULL, "plus\\.google" TLD,                 "GooglePlus",       NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "plus.url.google.com", NULL, "plus\\.url\\.google" TLD,       "GooglePlus",       NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
 
   /* http://check.googlezip.net/connect [check browser connectivity] */
-  { ".googlezip.net", NULL, NULL,           "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".googlezip.net", NULL, "\\.googlezip" TLD,                   "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
 
-  { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs",     NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE },
-  { "docs.google.com",            NULL, NULL, "GoogleDocs",     NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE },
+  { "googleusercontent.com", NULL, "googleusercontent" TLD,       "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "1e100.net", NULL, "1e100" TLD,                               "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { "googleusercontent.com", NULL, NULL,    "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { "1e100.net", NULL, NULL,                "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "maps.google.", NULL, "maps\\.google" TLD,                    "GoogleMaps",       NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "maps.gstatic.com", NULL, "maps\\.gstatic" TLD,               "GoogleMaps",       NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
 
-  { "maps.google.", NULL, NULL,             "GoogleMaps",       NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "maps.gstatic.com", NULL, NULL,         "GoogleMaps",       NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".gmail.", NULL, "\\.gmail" TLD,                              "GMail",            NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE },
+  { "mail.google.", NULL, "mail\\.google" TLD,                    "GMail",            NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { ".gmail.", NULL, NULL,                  "GMail",            NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE },
-  { "mail.google.", NULL, NULL,             "GMail",            NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE },
+  { "google.", NULL, "google" TLD,                                "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".google.", NULL, NULL,                                       "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".gstatic.com", NULL, "\\.gstatic" TLD,                       "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "ggpht.com", NULL, "ggpht" TLD,                               "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
 
-  { "google.", NULL, NULL,                  "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".google.", NULL, NULL,                 "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".gstatic.com", NULL, NULL,             "Google",           NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "mail.outlook.com", NULL, "mail\\.outlook" TLD,               "Hotmail",          NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { "mail.outlook.com", NULL, NULL,         "Hotmail",          NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".last.fm", NULL, "\\.last\\.fm$",                            "LastFM",           NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
 
-  { ".last.fm", NULL, NULL,                 "LastFM",           NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "msn.com", NULL, "msn" TLD,                                   "MSN",              NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */
 
-  { "msn.com", NULL, NULL,                  "MSN",              NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */
+  { "netflix.com", NULL, "netflix" TLD,                           "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "nflxext.com", NULL, "nflxext" TLD,                           "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "nflximg.com", NULL, "nflximg" TLD,                           "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "nflximg.net", NULL, "nflximg" TLD,                           "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "nflxvideo.net", NULL, "nflxvideo" TLD,                       "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "nflxso.net", NULL, "nflxso" TLD,                             "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
 
-  { "netflix.com", NULL, NULL,              "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "nflxext.com", NULL, NULL,              "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "nflximg.com", NULL, NULL,              "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "nflximg.net", NULL, NULL,              "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "nflxvideo.net", NULL, NULL,            "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "nflxso.net", NULL, NULL,               "NetFlix",          NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".skype.", NULL, "\\.skype\\.",                                    "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".skypeassets.", NULL, "\\.skypeassets\\.",                        "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".skypedata.", NULL, "\\.skypedata\\.",                            "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".skypeecs-", NULL, "\\.skypeecs-",                                "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".skypeforbusiness.", NULL, "\\.skypeforbusiness\\.",              "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".lync.com", NULL, "\\.lync" TLD,                                  "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { "e7768.b.akamaiedge.net", NULL, "e7768\\.b\\.akamaiedge" TLD,      "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { "e4593.dspg.akamaiedge.net", NULL, "e4593\\.dspg\\.akamaiedge" TLD,"Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { "e4593.g.akamaiedge.net", NULL, "e4593\\.g\\.akamaiedge" TLD,      "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { ".skype.", NULL, NULL,                  "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".skypeassets.", NULL, NULL,            "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".skypedata.", NULL, NULL,              "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".skypeecs-", NULL, NULL,               "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".skypeforbusiness.", NULL, NULL,       "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".lync.com", NULL, NULL,                "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-  { "e7768.b.akamaiedge.net", NULL, NULL,   "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-  { "e4593.dspg.akamaiedge.net", NULL, NULL,"Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-  { "e4593.g.akamaiedge.net", NULL, NULL,   "Skype",            NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".tuenti.com", NULL, "\\.tuenti" TLD,                              "Tuenti",           NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { ".tuenti.com", NULL, NULL,              "Tuenti",           NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".twttr.com", NULL, "\\.twttr" TLD,                                "Twitter",          NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "twitter.", NULL, "twitter" TLD,                                   "Twitter",          NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { "twimg.com", NULL, "twimg" TLD,                                    "Twitter",          NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
 
-  { ".twttr.com", NULL, NULL,               "Twitter",          NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "twitter.", NULL, NULL,                 "Twitter",          NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "twimg.com", NULL, NULL,                "Twitter",          NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".viber.com", NULL, "\\.viber" TLD,                                "Viber",            NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".cdn.viber.com", NULL, NULL,                                      "Viber",            NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".viber.it", NULL, NULL,                                           "Viber",            NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { ".viber.com", NULL, NULL,               "Viber",            NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".cdn.viber.com", NULL, NULL,           "Viber",            NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".viber.it", NULL, NULL,                "Viber",            NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { "wikipedia.", NULL, "wikipedia" TLD,                               "Wikipedia",        NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "wikimedia.", NULL, "wikimedia" TLD,                               "Wikipedia",        NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "mediawiki.", NULL, "mediawiki" TLD,                               "Wikipedia",        NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "wikimediafoundation.", NULL, "wikimediafoundation" TLD,           "Wikipedia",        NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
 
-  { "wikipedia.", NULL, NULL,               "Wikipedia",        NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "wikimedia.", NULL, NULL,               "Wikipedia",        NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "mediawiki.", NULL, NULL,               "Wikipedia",        NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "wikimediafoundation.", NULL, NULL,     "Wikipedia",        NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "mmg-fna.whatsapp.net", NULL, "mmg-fna\\.whatsapp" TLD,            "WhatsAppFiles",    NDPI_PROTOCOL_WHATSAPP_FILES, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".whatsapp.", NULL, "\\.whatsapp" TLD,                             "WhatsApp",         NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { "mmg-fna.whatsapp.net", NULL, NULL,     "WhatsAppFiles",    NDPI_PROTOCOL_WHATSAPP_FILES, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".whatsapp.", NULL, NULL,               "WhatsApp",         NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".yahoo.", NULL, "\\.yahoo" TLD,                                   "Yahoo",            NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".yimg.com", NULL, "\\.yimg" TLD,                                  "Yahoo",            NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "yahooapis.", NULL, "yahooapis" TLD,                               "Yahoo",            NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { ".yahoo.", NULL, NULL,                  "Yahoo",            NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".yimg.com", NULL, NULL,                "Yahoo",            NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "yahooapis.", NULL, NULL,               "Yahoo",            NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "upload.youtube.com", NULL, "upload\\.youtube" TLD,                "YouTubeUpload",    NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "upload.video.google.com", NULL, "upload\\.video\\.google" TLD,    "YouTubeUpload",    NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "youtubei.googleapis.com", NULL, "youtubei\\.googleapis" TLD,      "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "youtube.", NULL, "youtube" TLD,                                   "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "youtu.be.", NULL, "youtu\\.be" TLD,                               "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "yt3.ggpht.com", NULL, "yt3\\.ggpht" TLD,                          "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".googlevideo.com", NULL, "\\.googlevideo" TLD,                    "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".ytimg.com", NULL, "\\.ytimg" TLD,                                "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "youtube-nocookie.", NULL, "youtube-nocookie" TLD,                 "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
 
-  { "upload.youtube.com", NULL, NULL,       "YouTubeUpload",    NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "upload.video.google.com", NULL, NULL,  "YouTubeUpload",    NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "youtube.", NULL, NULL,                 "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "youtu.be.", NULL, NULL,                "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "yt3.ggpht.com", NULL, NULL,            "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { ".googlevideo.com", NULL, NULL,         "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { ".ytimg.com", NULL, NULL,               "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "youtube-nocookie.", NULL, NULL,        "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "ggpht.com", NULL, NULL,                "YouTube",          NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".vevo.com", NULL, "\\.vevo" TLD,                                  "Vevo",             NDPI_PROTOCOL_VEVO,    NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
 
-  { ".vevo.com", NULL, NULL,                "Vevo",             NDPI_PROTOCOL_VEVO,    NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".spotify.", NULL, "\\.spotify" TLD,                               "Spotify",          NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "audio-fa.scdn.co", NULL, "audio-fa\\.scdn" TLD,                   "Spotify",          NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
 
-  { ".spotify.", NULL, NULL,                "Spotify",          NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "audio-fa.scdn.co", NULL, NULL,         "Spotify",          NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "edge-mqtt.facebook.com", NULL, "edge-mqtt\\.facebook" TLD,        "Messenger",        NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { "messenger.com", NULL, "messenger\\.com" TLD,                      "Messenger",        NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
 
-  { "edge-mqtt.facebook.com", NULL, NULL,   "Messenger",        NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".pandora.com", NULL, "\\.pandora" TLD,                            "Pandora",          NDPI_PROTOCOL_PANDORA,  NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
 
-  { ".pandora.com", NULL, NULL,             "Pandora",          NDPI_PROTOCOL_PANDORA,  NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".torproject.org", NULL, "\\.torproject\\.org$",                   "Tor",              NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
 
-  { ".torproject.org", NULL, NULL,          "Tor",              NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
+  { ".kakao.com", NULL, "\\.kakao" TLD,                                "KakaoTalk",        NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { ".kakao.com", NULL, NULL,               "KakaoTalk",        NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+  { "ttvnw.net", NULL, "ttvnw" TLD,                                    "Twitch",           NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "static-cdn.jtvnw.net", NULL, "static-cdn\\.jtvnw" TLD,            "Twitch",           NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "www-cdn.jtvnw.net", NULL, "www-cdn\\.jtvnw" TLD,                  "Twitch",           NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
 
-  { "ttvnw.net", NULL, NULL,                "Twitch",           NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "static-cdn.jtvnw.net", NULL, NULL,     "Twitch",           NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "www-cdn.jtvnw.net", NULL, NULL,        "Twitch",           NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".qq.com", NULL, "\\.qq" TLD,                                      "QQ",               NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".gtimg.com", NULL, "\\.gtimg" TLD,                                "QQ",               NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
 
-  { "quickplay.com", NULL, NULL,            "QuickPlay",        NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-
-  { ".qq.com", NULL, NULL,                  "QQ",               NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".gtimg.com", NULL, NULL,               "QQ",               NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-
-  { ".weibo.com", NULL, NULL,               "Sina(Weibo)",      NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".sinaimg.cn", NULL, NULL,              "Sina",             NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".sinajs.cn", NULL, NULL,               "Sina",             NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".sina.cn", NULL, NULL,                 "Sina",             NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".sina.com.cn", NULL, NULL,             "Sina",             NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".weibo.com", NULL, "\\.weibo" TLD,                                "Sina(Weibo)",      NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".weibo.cn", NULL, NULL,                                           "Sina(Weibo)",      NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".sinaimg.cn", NULL, "\\.sinaimg" TLD,                             "Sina",             NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".sinajs.cn", NULL, "\\.sinajs" TLD,                               "Sina",             NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".sina.cn", NULL, "\\.sina" TLD,                                   "Sina",             NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".sina.com.cn", NULL, "\\.sina\\.com\\.cn$",                       "Sina",             NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
 
   /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */
-  { "feelinsonice.appspot.com", NULL, "\\.appspot\\.com$",     "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { "feelinsonice-hrd.appspot.com", NULL, NULL, "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { "feelinsonice.com", NULL, "\\.feelsonice\\.com$",             "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".snapchat.", NULL, "\\.snapchat\\.com$",                   "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".snapads.", NULL, "\\.snapads\\.com$",                    "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-
-  /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */
-  { ".cdninstagram.com", NULL, NULL,        "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "instagram.", NULL, NULL,               "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".instagram.", NULL, NULL,              "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "igcdn-photos-", NULL, NULL,            "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "instagramimages-", NULL, NULL,         "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "instagramstatic-", NULL, NULL,         "Instagram",        NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-
-  { ".waze.com", NULL, NULL,                "Waze",             NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { ".deezer.com", NULL, NULL,              "Deezer",           NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-
-  { ".microsoft.com", NULL, NULL,           "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { "i-msdn.sec.s-msft.com", NULL, NULL,    "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE },
-  { "i2-msdn.sec.s-msft.com", NULL, NULL,   "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".webtrends.com", NULL, NULL,           "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".msecnd.net", NULL, NULL,              "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { "bing.com", NULL, NULL,                 "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-  { ".visualstudio.com", NULL, NULL,        "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
-  { "login.live.com", NULL, NULL,           "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
-
-  { "bn1301.storage.live.com", NULL, NULL,      "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD,  NDPI_PROTOCOL_ACCEPTABLE },
-  { "*.gateway.messenger.live.com", NULL, NULL, "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
-  { "skyapi.live.net", NULL, NULL,              "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
-  { "d.docs.live.net", NULL, NULL,              "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
-  { "onedrive.live.com", NULL, NULL,            "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { "update.microsoft.com", NULL, NULL,     "WindowsUpdate",    NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-  { ".windowsupdate.com", NULL, NULL,       "WindowsUpdate",    NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
-
-  { "worldofwarcraft.com", NULL, NULL,      "WorldOfWarcraft",  NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-
-  { ".anchorfree.", NULL, NULL,             "HotspotShield",    NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
-  { "hotspotshield.com", NULL, NULL,        "HotspotShield",    NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
-  { ".northghost.com", NULL, NULL,          "HotspotShield",    NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
-
-  { ".webex.com", NULL, NULL,               "Webex",            NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { ".ocsdomain.com", NULL, NULL,           "OCS",              NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { "ocs.fr", NULL, NULL,                   "OCS",              NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { ".ocs.fr", NULL, NULL,                  "OCS",              NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { ".labgency.ws", NULL, NULL,             "OCS",              NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-
-  { ".iflix.com", NULL, NULL,               "IFLIX",            NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { ".app.iflixcorp.com", NULL, NULL,       "IFLIX",            NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-  { ".images.iflixassets.com", NULL, NULL,  "IFLIX",            NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
-
-  { "crl.microsoft.com", NULL, NULL,            "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "evsecure-ocsp.verisign.com", NULL, NULL,   "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "evsecure-aia.verisign.com", NULL, NULL,    "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "evsecure-crl.verisign.com", NULL, NULL,    "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".omniroot.com", NULL, NULL,                "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".microsoftonline.com", NULL, NULL,         "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".office365.com", NULL, NULL,               "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".office.com", NULL, NULL,                  "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".msocsp.com", NULL, NULL,                  "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".msocdn.com", NULL, NULL,                  "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "officeapps.live.com", NULL, NULL,          "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "outlook.live.com", NULL, NULL,             "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "office.live.com", NULL, NULL,              "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".onenote.", NULL, NULL,                    "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "office.net", NULL, NULL,                   "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "feelinsonice.appspot.com", NULL, "\\.appspot" TLD,                     "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { "feelinsonice-hrd.appspot.com", NULL, "feelinsonice-hrd\\.appspot" TLD, "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { "feelinsonice.com", NULL, "\\.feelsonice" TLD,                          "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".snapchat.", NULL, "\\.snapchat" TLD,                                  "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".snapads.", NULL, "\\.snapads" TLD,                                    "Snapchat",     NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+
+  { ".waze.com", NULL, "\\.waze" TLD,                                  "Waze",             NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { ".deezer.com", NULL, "\\.deezer" TLD,                              "Deezer",           NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+  { ".microsoft.com", NULL, "\\.microsoft" TLD,                        "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { "i-msdn.sec.s-msft.com", NULL, "i-msdn.sec\\.s-msft" TLD,          "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE },
+  { "i2-msdn.sec.s-msft.com", NULL, "i2-msdn\\.sec\\.s-msft" TLD,      "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".webtrends.com", NULL, "\\.webtrends" TLD,                        "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".msecnd.net", NULL, "\\.msecnd" TLD,                              "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "bing.com", NULL, "bing" TLD,                                      "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+  { ".visualstudio.com", NULL, "\\.visualstudio" TLD,                  "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE },
+  { "login.live.com", NULL, "login\\.live" TLD,                        "Microsoft",        NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+
+  { "bn1301.storage.live.com", NULL, "bn1301\\.storage\\.live" TLD,               "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD,  NDPI_PROTOCOL_ACCEPTABLE },
+  { "*.gateway.messenger.live.com", NULL, "\\*\\.gateway\\.messenger\\.live" TLD, "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { "skyapi.live.net", NULL, "skyapi\\.live" TLD,                                 "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { "d.docs.live.net", NULL, "d\\.docs\\.live" TLD,                               "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { "onedrive.live.com", NULL, "onedrive\\.live" TLD,                             "MS_OneDrive",  NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { "update.microsoft.com", NULL, "update\\.microsoft" TLD,            "WindowsUpdate",    NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+  { ".windowsupdate.com", NULL, "\\.windowsupdate" TLD,                "WindowsUpdate",    NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE },
+
+  { "worldofwarcraft.com", NULL, "worldofwarcraft" TLD,                "WorldOfWarcraft",  NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+
+  { ".anchorfree.", NULL, "\\.anchorfree" TLD,                         "HotspotShield",    NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
+  { "hotspotshield.com", NULL, "hotspotshield" TLD,                    "HotspotShield",    NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
+  { ".northghost.com", NULL, "\\.northghost" TLD,                      "HotspotShield",    NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
+
+  { ".webex.com", NULL, "\\.webex" TLD,                                "Webex",            NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { ".ocsdomain.com", NULL, "\\.ocsdomain" TLD,                        "OCS",              NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "ocs.fr", NULL, "ocs" TLD,                                         "OCS",              NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".ocs.fr", NULL, NULL,                                             "OCS",              NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".labgency.ws", NULL, ".labgency" TLD,                             "OCS",              NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+
+  { ".iflix.com", NULL, "\\.iflix" TLD,                                "IFLIX",            NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".app.iflixcorp.com", NULL, "\\.app\\.iflixcorp" TLD,              "IFLIX",            NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { ".images.iflixassets.com", NULL, "\\.images\\.iflixassets" TLD,    "IFLIX",            NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+
+  { "crl.microsoft.com", NULL, "crl\\.microsoft" TLD,                  "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "evsecure-ocsp.verisign.com", NULL, "evsecure-ocsp\\.verisign" TLD,"Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "evsecure-aia.verisign.com", NULL, "evsecure-aia\\.verisign" TLD,  "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "evsecure-crl.verisign.com", NULL, "evsecure-crl\\.verisign" TLD,  "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".omniroot.com", NULL, "\\.omniroot" TLD,                          "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".microsoftonline.com", NULL, "\\.microsoftonline" TLD,            "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".office365.com", NULL, "\\.office365" TLD,                        "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".office.com", NULL, "\\.office" TLD,                              "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "office.net", NULL, NULL,                                          "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".msocsp.com", NULL, "\\.msocsp" TLD,                              "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".msocdn.com", NULL, "\\.msocdn" TLD,                              "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "officeapps.live.com", NULL, "officeapps\\.live" TLD,              "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "outlook.live.com", NULL, "outlook\\.live" TLD,                    "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "office.live.com", NULL, "office\\.live" TLD,                      "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".onenote.", NULL, "\\.onenote" TLD,                               "Office365",    NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
 
   /* http://www.urlquery.net/report.php?id=1453233646161 */
-  { "lifedom.top", NULL, NULL,              "Cloudflare",       NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { "coby.ns.cloudflare.com", NULL, NULL,   "Cloudflare",       NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { "amanda.ns.cloudflare.com", NULL, NULL, "Cloudflare",       NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "lifedom.top", NULL, "lifedom" TLD,                                "Cloudflare",       NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "coby.ns.cloudflare.com", NULL, "coby\\.ns\\.cloudflare" TLD,      "Cloudflare",       NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { "amanda.ns.cloudflare.com", NULL, "amanda\\.ns\\.cloudflare" TLD,  "Cloudflare",       NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
 
-  { "d295hzzivaok4k.cloudfront.net", NULL, NULL,"OpenDNS",      NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".opendns.com", NULL, NULL,                 "OpenDNS",      NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE },
+  { "d295hzzivaok4k.cloudfront.net", NULL, "d295hzzivaok4k\\.cloudfront" TLD,"OpenDNS",      NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".opendns.com", NULL, "\\.opendns" TLD,                                  "OpenDNS",      NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE },
 
   /* https://get.slack.help/hc/en-us/articles/205138367-Troubleshooting-Slack-connection-issues */
-  { "slack.com", NULL, NULL,                "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".slack-msgs.com", NULL, NULL,          "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "slack-files.com", NULL, NULL,          "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "slack-imgs.com", NULL, NULL,           "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".slack-edge.com", NULL, NULL,          "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".slack-core.com", NULL, NULL,          "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "slack-redir.net", NULL, NULL,          "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "slack.com", NULL, "slack" TLD,                                    "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".slack-msgs.com", NULL, "\\.slack-msgs" TLD,                      "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "slack-files.com", NULL, "slack-files" TLD,                        "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "slack-imgs.com", NULL, "slack-imgs" TLD,                          "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".slack-edge.com", NULL, "\\.slack-edge" TLD,                      "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".slack-core.com", NULL, "\\.slack-core" TLD,                      "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "slack-redir.net", NULL, "slack-redir" TLD,                        "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
   /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */
-  { "slack-assets2.s3-", NULL, NULL,        "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { "zhiliaoapp.com", NULL, NULL,           "Musical.ly",       NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "muscdn.com", NULL, NULL,               "Musical.ly",       NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "livelycdn.com", NULL, NULL,            "Musical.ly",       NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { "direct.ly", NULL, NULL,                "Musical.ly",       NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  
-  { "github.com", NULL, NULL,               "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".github.com", NULL, NULL,              "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "github.io", NULL, NULL,                "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".github.io", NULL, NULL,               "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { "githubusercontent.com", NULL, NULL,    "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-  { ".githubusercontent.com", NULL, NULL,   "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { ".iqiyi.com", NULL, NULL,               "iQIYI",            NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { ".qiyi.com", NULL, NULL,                "iQIYI",            NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { ".71.am", NULL, NULL,                   "iQIYI",            NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { ".qiyipic.com", NULL, NULL,             "iQIYI",            NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-
-  { ".ppstream.com", NULL, NULL,            "PPStream",         NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { ".pps.tv", NULL, NULL,                  "PPStream",         NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-
-  { ".1kxun.", NULL, NULL,                  "1kxun",            NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "tcad.wedolook.com", NULL, NULL,        "1kxun",            NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-
-  { ".steampowered.com", NULL, NULL,            "Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-  { "steamcommunity.com", NULL, NULL,           "Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-  { ".steamcontent.com", NULL, NULL,            "Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-  { ".steamstatic.com", NULL, NULL,             "Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-  { "steamcommunity-a.akamaihd.net", NULL, NULL,"Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-
-  { ".wechat.com", NULL, NULL,              "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".wechat.org", NULL, NULL,              "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".wechatapp.com", NULL, NULL,           "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".we.chat", NULL, NULL,                 "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".wx.", NULL, NULL,                     "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".weixin.", NULL, NULL,                 "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-  { ".mmsns.qpic.cn", NULL, NULL,           "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-
-  { "dnscrypt.org", NULL, NULL,             "DNScrypt",         NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { "torrent.", NULL, NULL,                 "BitTorrent",       NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE },
-  { "torrents.", NULL, NULL,                "BitTorrent",       NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE },
-  { "torrentz.", NULL, NULL,                "BitTorrent",       NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE },
-
-  { ".nintendo.net", NULL, NULL,            "Nintendo",         NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-  { ".nintendo.com", NULL, NULL,            "Nintendo",         NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-  { ".playstation.net", NULL, NULL,             "Playstation",  NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-  { ".playstation.com", NULL, NULL,             "Playstation",  NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-  { ".sonyentertainmentnetwork.com", NULL, NULL,"Playstation",  NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
-
-  { ".pastebin.com", NULL, NULL,            "Pastebin",         NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
-
-  { ".linkedin.com", NULL, NULL,            "LinkedIn",         NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-  { ".licdn.com", NULL, NULL,               "LinkedIn",         NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
-
-  { ".sndcdn.com", NULL, NULL,              "SoundCloud",       NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { ".soundcloud.com", NULL, NULL,          "SoundCloud",       NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { "getrockerbox.com", NULL, NULL,         "SoundCloud",       NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-
-  { "web.telegram.org", NULL, NULL,         "Telegram",         NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
-  { "tdesktop.com", NULL, NULL,             "Telegram",         NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
-  { "tupdate.com", NULL, NULL,              "Telegram",         NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { ".icq.", NULL, NULL,                    "ICQ",              NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
-  { "icq.", NULL, NULL,                     "ICQ",              NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
-
-  { ".vidto.me", NULL, NULL,                "VidTO",            NDPI_PROTOCOL_VIDTO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { ".vidto.se", NULL, NULL,                "VidTO",            NDPI_PROTOCOL_VIDTO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  
-  { ".rapidvideo.com", NULL, NULL,          "RapidVideo",       NDPI_PROTOCOL_RAPIDVIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
-  { ".playercdn.net", NULL, NULL,           "RapidVideo",       NDPI_PROTOCOL_RAPIDVIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "slack-assets2.s3-", NULL, "slack-assets2\\.s3-",                  "Slack",            NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { "wechat.com", NULL, "wechat\\.com" TLD,                            "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+
+  { "github.com", NULL, "github" TLD,                                  "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".github.com", NULL, "\\.github" TLD,                              "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "github.io", NULL, NULL,                                           "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".github.io", NULL, NULL,                                          "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { "githubusercontent.com", NULL, "githubusercontent" TLD,            "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".githubusercontent.com", NULL, "\\.githubusercontent" TLD,        "Github",           NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { ".steampowered.com", NULL, "\\.steampowered" TLD,                        "Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+  { "steamcommunity.com", NULL, "steamcommunity" TLD,                        "Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+  { ".steamcontent.com", NULL, "\\.steamcontent" TLD,                        "Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+  { ".steamstatic.com", NULL, "\\.steamstatic" TLD,                          "Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+  { "steamcommunity-a.akamaihd.net", NULL, "steamcommunity-a\\.akamaihd" TLD,"Steam",        NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+
+  { ".wechat.com", NULL, "\\.wechat\\.com",                            "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".wechat.org", NULL, "\\.wechat\\.org",                            "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".wechatapp.com", NULL, "\\.wechatapp" TLD,                        "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".we.chat", NULL, "\\.we\\.chat",                                  "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".wx.", NULL, "\\.wx\\.",                                          "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".weixin.", NULL, "\\.weixin\\.",                                  "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+  { ".mmsns.qpic.cn", NULL, "\\.mmsns\\.qpic" TLD,                     "WeChat",           NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
+
+  { "dnscrypt.org", NULL, "dnscrypt\\.org$",                           "DNScrypt",         NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { "torrent.", NULL, "torrent" TLD,                                   "BitTorrent",       NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE },
+  { "torrents.", NULL, "torrents" TLD,                                 "BitTorrent",       NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE },
+  { "torrentz.", NULL, "torrentz" TLD,                                 "BitTorrent",       NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE },
+
+  { ".nintendo.net", NULL, "\\.nintendo" TLD,                          "Nintendo",         NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+  { ".nintendo.com", NULL, NULL,                                       "Nintendo",         NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+
+  { ".playstation.net", NULL, "\\.playstation" TLD,                          "Playstation",  NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+  { ".playstation.com", NULL, NULL,                                          "Playstation",  NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+  { ".sonyentertainmentnetwork.com", NULL, "\\.sonyentertainmentnetwork" TLD,"Playstation",  NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
+
+  { ".linkedin.com", NULL, "\\.linkedin" TLD,                          "LinkedIn",         NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+  { ".licdn.com", NULL, "\\.licdn" TLD,                                "LinkedIn",         NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN },
+
+  { ".sndcdn.com", NULL, "\\.sndcdn" TLD,                              "SoundCloud",       NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".soundcloud.com", NULL, "\\.soundcloud" TLD,                      "SoundCloud",       NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "getrockerbox.com", NULL, "getrockerbox" TLD,                      "SoundCloud",       NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+  { "web.telegram.org", NULL, "web\\.telegram" TLD,                    "Telegram",         NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { "tdesktop.com", NULL, "tdesktop" TLD,                              "Telegram",         NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { "tupdate.com", NULL, "tupdate" TLD,                                "Telegram",         NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+
+  { ".pastebin.com", NULL, "\\.pastebin" TLD,                          "Pastebin",         NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
+
+  { ".ppstream.com", NULL, "\\.ppstream" TLD,                          "PPStream",         NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".pps.tv", NULL, "\\.pps\\.tv$",                                   "PPStream",         NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+  /*
+    VidTO streaming service
+    NOTE: this is a possible candidate for NDPI_PROTOCOL_GENERIC
+  */
+  { ".vidto.me", NULL, "\\.vidto" TLD,                                 "VidTO",            NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".vidto.se", NULL, NULL,                                           "VidTO",            NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+  /*
+    Not so popular services without a protocl dissector (and thus not worth a protocolId) that are handled/detected by categpory rather
+    than by protocol id. They are bound to a generic protocol (NDPI_PROTOCOL_GENERIC) and placed onto the right category
+  */
+  { "quickplay.com", NULL, "quickplay" TLD,                            "QuickPlay",        NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+  { ".iqiyi.com", NULL, "\\.iqiyi" TLD,                                "iQIYI",            NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".qiyi.com", NULL, "\\.qiyi" TLD,                                  "iQIYI",            NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".71.am", NULL, "\\.71" TLD,                                       "iQIYI",            NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".qiyipic.com", NULL, "\\.qiyipic" TLD,                            "iQIYI",            NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+  { ".1kxun.", NULL, "\\.1kxun\\.",                                    "1kxun",            NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { "tcad.wedolook.com", NULL, "tcad\\.wedolook" TLD,                  "1kxun",            NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+  { "baidu.com", NULL, "baidu" TLD,                                    "baidu",            NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN },
+
+  { "icq.", NULL, "icq" TLD,                                           "ICQ",              NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { ".icq.", NULL, NULL,                                               "ICQ",              NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+
+
+  /* RapidVideo streaming */
+  { ".rapidvideo.com", NULL, "\\.rapidvideo" TLD,                      "RapidVideo",       NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  { ".playercdn.net", NULL, "\\.playercdn" TLD,                        "RapidVideo",       NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+
+  /* showmax.com video streaming */
+  { "showmax.com", NULL, "showmax" TLD,                                "Showmax",          NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+  { "showmax.akamaized.net", NULL, "showmax\\.akamaized" TLD,          "Showmax",          NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
+
+  { "snapcraft.io", NULL, "snapcraft\\.io" TLD,                        "UbuntuONE",        NDPI_PROTOCOL_UBUNTUONE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+  { "ubuntu.com", NULL, "ubuntu\\.com" TLD,                            "UbuntuONE",        NDPI_PROTOCOL_UBUNTUONE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
 
+  { "signal.org", NULL, "signal\\.org" TLD,                            "Signal",           NDPI_PROTOCOL_SIGNAL, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
+  { "whispersystems.org", NULL, "whispersystems\\.org" TLD,            "Signal",           NDPI_PROTOCOL_SIGNAL, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE },
   { NULL, NULL, NULL, 0 }
 };
 
@@ -8498,12 +8546,13 @@ static const char *ndpi_en_bigrams[] = {
 
 static const char *ndpi_en_impossible_bigrams[] = {
   "bk", "bq", "bx", "cb", "cf", "cg", "cj", "cp", "cv", "cw", "cx", "dx", "fk", "fq", "fv", "fx", /* "ee", removed it can be found in 'meeting' */
-  "fz", "gq", "gv", "gx", "hh", "hk", "hv", "hx", "hz", "iy", "jb", "jc", "jd", "jf", "jg", "jh", "jk",
+  "fz", "gq", "gv", "gx", "hh", "hk", "hv", "hx", "hz", "iy", "jb", /* "jc", jcrew.com */ "jd", "jf", "jg", "jh", "jk",
   "jl", "jm", "jn", "jp", "jq", "jr", /* "js", */ "jt", "jv", "jw", "jx", "jy", "jz", "kg", "kq", "kv", "kx",
-  "kz", "lq", "lx", "mg", "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii",
+  "kz", "lq", "lx", /* "mg" tamgrt.com , */ "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii",
   "qg", "qh", "qj", "qk", "ql", "qm", "qn", "qo", "qp", "qr", "qs", "qt", "qv", "qw", "qx", "qy", "uu",
   "qz", "sx", "sz", "tq", "tx", "vb", "vc", "vd", "vf", "vg", "vh", "vj", "vm", "vn", "vp", "bw", /* "vk", "zr" Removed for kavkazr */
-  "vq", "vt", "vw", "vx", "vz", "wq", "wv", "wx", "wz", "xb", "xg", "xj", "xk", "xv", "xz", "xw", "yd", /*"yp", Removed for paypal */
+  "vq", "vt", "vw", "vx", "vz", "wq", "wv", "wx", "wz", /* "xb", foxbusiness.com */
+  	"xg", "xj", "xk", "xv", "xz", "xw", "yd", /*"yp", Removed for paypal */
   "yj", "yq", "yv", "yz", "yw", "zb", "zc", "zg", "zh", "zj", "zn", "zq", "zs", "zx", "wh", "wk",
   "wb", "zk", "kp", "zk", "xy",
   NULL };
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 5f1f9800d..e882feaa6 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -27,8 +27,10 @@
 
 #include <stdlib.h>
 #include <errno.h>
+#include <sys/types.h>
 #include "ahocorasick.h"
 #include "libcache.h"
+#include "lruc.h"
 
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN
 
@@ -42,23 +44,14 @@
 
 #include "ndpi_content_match.c.inc"
 #include "third_party/include/ndpi_patricia.h"
-#include "third_party/src/ndpi_patricia.c"
-#include "third_party/include/hash.h"
-#include "third_party/src/hash.c"
+#include "third_party/include/ht_hash.h"
 
-#ifdef HAVE_HYPERSCAN
-#include <hs.h>
-#endif
-
-#ifdef HAVE_HYPERSCAN
-struct hs {
-  hs_database_t *database;
-  hs_scratch_t  *scratch;
-};
-#endif
+#define NDPI_CONST_GENERIC_PROTOCOL_NAME  "GenericProtocol"
 
 static int _ndpi_debug_callbacks = 0;
 
+// #define MATCH_DEBUG 1
+
 /* implementation of the punycode check function */
 int check_punycode_string(char * buffer , int len)
 {
@@ -409,15 +402,13 @@ u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) { return sizeof(struct
 
 /* *********************************************************************************** */
 
-char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id)
-{
+char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) {
   return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName);
 }
 
 /* *********************************************************************************** */
 
-u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name)
-{
+u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) {
   u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod);
 
   for(i = 0; i < num; i++)
@@ -434,8 +425,7 @@ ndpi_port_range * ndpi_build_default_ports_range(ndpi_port_range *ports,
 						 u_int16_t portB_low, u_int16_t portB_high,
 						 u_int16_t portC_low, u_int16_t portC_high,
 						 u_int16_t portD_low, u_int16_t portD_high,
-						 u_int16_t portE_low, u_int16_t portE_high)
-{
+						 u_int16_t portE_low, u_int16_t portE_high) {
   int i = 0;
 
   ports[i].port_low = portA_low, ports[i].port_high = portA_high; i++;
@@ -454,8 +444,7 @@ ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports,
 					   u_int16_t portB,
 					   u_int16_t portC,
 					   u_int16_t portD,
-					   u_int16_t portE)
-{
+					   u_int16_t portE) {
   int i = 0;
 
   ports[i].port_low = portA, ports[i].port_high = portA; i++;
@@ -523,13 +512,12 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct,
 
   if(protocol_id < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) {
 #ifdef NDPI_ENABLE_DEBUG_MESSAGES
-	if ( ndpi_struct &&
+	if( ndpi_struct &&
 	     ndpi_struct->ndpi_log_level >= NDPI_LOG_DEBUG &&
     	     ndpi_struct->ndpi_debug_printf != NULL) {
 
 		(*(ndpi_struct->ndpi_debug_printf))(protocol_id, ndpi_struct, NDPI_LOG_DEBUG,
 		 _file, _func, _line, "exclude %s\n",ndpi_get_proto_name(ndpi_struct, protocol_id));
-
 	}
 #endif
 	NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id);
@@ -540,6 +528,7 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct,
 
 void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
 			     ndpi_protocol_breed_t breed, u_int16_t protoId,
+			     u_int8_t can_have_a_subprotocol,
 			     u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2],
 			     char *protoName, ndpi_protocol_category_t protoCategory,
 			     ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) {
@@ -566,13 +555,19 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
     ndpi_mod->proto_defaults[protoId].protoCategory = protoCategory,
     ndpi_mod->proto_defaults[protoId].protoId = protoId,
     ndpi_mod->proto_defaults[protoId].protoBreed = breed;
-
+  ndpi_mod->proto_defaults[protoId].can_have_a_subprotocol = can_have_a_subprotocol;
+  
   memcpy(&ndpi_mod->proto_defaults[protoId].master_tcp_protoId, tcp_master_protoId, 2*sizeof(u_int16_t));
   memcpy(&ndpi_mod->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t));
 
   for(j=0; j<MAX_DEFAULT_PORTS; j++) {
-    if(udpDefPorts[j].port_low != 0) addDefaultPort(ndpi_mod, &udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->udpRoot, __FUNCTION__,__LINE__);
-    if(tcpDefPorts[j].port_low != 0) addDefaultPort(ndpi_mod, &tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot, __FUNCTION__,__LINE__);
+    if(udpDefPorts[j].port_low != 0)
+      addDefaultPort(ndpi_mod, &udpDefPorts[j],
+		     &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->udpRoot, __FUNCTION__,__LINE__);
+    
+    if(tcpDefPorts[j].port_low != 0)
+      addDefaultPort(ndpi_mod, &tcpDefPorts[j],
+		     &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot, __FUNCTION__,__LINE__);
   }
 }
 
@@ -670,7 +665,9 @@ static int removeDefaultPort(ndpi_port_range *range,
 
 static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struct,
 				 ndpi_automa *automa,
-				 char *value, int protocol_id) {
+				 char *value, u_int16_t protocol_id,
+				 ndpi_protocol_category_t category,
+				 ndpi_protocol_breed_t breed) {
   AC_PATTERN_t ac_pattern;
 
   if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) {
@@ -679,8 +676,16 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc
   }
 
   if(automa->ac_automa == NULL) return(-2);
-  ac_pattern.astring = value;
-  ac_pattern.rep.number = protocol_id;
+  ac_pattern.astring = value,
+    ac_pattern.rep.number = protocol_id,  
+    ac_pattern.rep.category = (u_int16_t)category,
+    ac_pattern.rep.breed = (u_int16_t)breed;
+  
+#ifdef MATCH_DEBUG
+  printf("Adding to automa [%s][protocol_id: %u][category: %u][breed: %u]\n",
+	 value, protocol_id, category, breed);
+#endif
+  
   if(value == NULL)
     ac_pattern.length = 0;
   else
@@ -695,22 +700,25 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc
 
 static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 					 char *value, int protocol_id,
-					 ndpi_protocol_breed_t breed /* UNUSED */)
+					 ndpi_protocol_category_t category,
+					 ndpi_protocol_breed_t breed)
 {
 #ifdef DEBUG
   NDPI_LOG_DEBUG2(ndpi_struct, "[NDPI] Adding [%s][%d]\n", value, protocol_id);
 #endif
 
-  return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, value, protocol_id));
+  return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, value, protocol_id,
+			       category, breed));
 }
 
 /* ****************************************************** */
 
 int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 				 char *value, int protocol_id,
-				 ndpi_protocol_breed_t breed /* UNUSED */) {
+				 ndpi_protocol_category_t category,
+				 ndpi_protocol_breed_t breed) {
   return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->content_automa,
-			       value, protocol_id));
+			       value, protocol_id, category, breed));
 }
 
 /* ****************************************************** */
@@ -731,29 +739,37 @@ static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct
 /* ******************************************************************** */
 
 void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod,
-			      ndpi_protocol_match *match)
-{
+			      ndpi_protocol_match *match) {
   u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO };
   ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
-
-  ndpi_add_host_url_subprotocol(ndpi_mod, match->string_to_match,
-				match->protocol_id, match->protocol_breed);
-
+  static u_int16_t generic_id = NDPI_LAST_IMPLEMENTED_PROTOCOL;
+  
   if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) {
-    ndpi_mod->proto_defaults[match->protocol_id].protoName  = ndpi_strdup(match->proto_name);
-    ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->proto_category;
-    ndpi_mod->proto_defaults[match->protocol_id].protoId    = match->protocol_id;
-    ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed;
+    if(match->protocol_id == NDPI_PROTOCOL_GENERIC)
+      ndpi_mod->proto_defaults[match->protocol_id].protoName   = ndpi_strdup(NDPI_CONST_GENERIC_PROTOCOL_NAME);
+   else
+     ndpi_mod->proto_defaults[match->protocol_id].protoName    = ndpi_strdup(match->proto_name);
+    
+    ndpi_mod->proto_defaults[match->protocol_id].protoId       = match->protocol_id;  
+    ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->protocol_category;
+    ndpi_mod->proto_defaults[match->protocol_id].protoBreed    = match->protocol_breed;
+
+    ndpi_set_proto_defaults(ndpi_mod,
+			    ndpi_mod->proto_defaults[match->protocol_id].protoBreed,
+			    ndpi_mod->proto_defaults[match->protocol_id].protoId,
+			    0 /* can_have_a_subprotocol */,
+			    no_master, no_master,
+			    ndpi_mod->proto_defaults[match->protocol_id].protoName,
+			    ndpi_mod->proto_defaults[match->protocol_id].protoCategory,
+			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);    
   }
 
-  ndpi_set_proto_defaults(ndpi_mod,
-			  ndpi_mod->proto_defaults[match->protocol_id].protoBreed,
-			  ndpi_mod->proto_defaults[match->protocol_id].protoId,
-			  no_master, no_master,
-			  ndpi_mod->proto_defaults[match->protocol_id].protoName,
-			  ndpi_mod->proto_defaults[match->protocol_id].protoCategory,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+  ndpi_add_host_url_subprotocol(ndpi_mod,
+				match->string_to_match,
+				match->protocol_id,
+				match->protocol_category,
+				match->protocol_breed);
 }
 
 /* ******************************************************************** */
@@ -784,10 +800,27 @@ static int hyperscan_load_patterns(struct hs *hs, u_int num_patterns,
 
 /* ******************************************************************** */
 
+static char* string2hex(const char *pat) {
+  u_int patlen, i;
+  char *hexbuf, *buf;
+
+  patlen = strlen(pat);
+  hexbuf = (char*)calloc(sizeof(char), patlen * 4 + 1);
+  if(!hexbuf) return(NULL);
+
+  for (i = 0, buf = hexbuf; i < patlen; i++, buf += 4) {
+    snprintf(buf, 5, "\\x%02x", (unsigned char)pat[i]);
+  }
+  *buf = '\0';
+
+  return hexbuf;
+}
+
 static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) {
-  u_int num_patterns = 0, i;
-  const char **expressions;
+  u_int num_patterns = 0, i, j;
+  char **expressions;
   unsigned int *ids;
+  unsigned char *need_to_be_free;
   struct hs *hs;
   int rc;
 
@@ -795,31 +828,52 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) {
   if(!ndpi_mod->hyperscan) return(-1);
   hs = (struct hs*)ndpi_mod->hyperscan;
 
-  for(i=0; host_match[i].string_to_match != NULL; i++) {
-    if(host_match[i].pattern_to_match) {
-      /*  printf("[DEBUG] %s\n", host_match[i].pattern_to_match); */
-      num_patterns++;
-    }
+  for(i = 0; host_match[i].string_to_match != NULL || host_match[i].pattern_to_match != NULL; i++) {
+    num_patterns++;
   }
 
-  expressions = (const char**)calloc(sizeof(char*), num_patterns+1);
+  expressions = (char**)calloc(sizeof(char*), num_patterns + 1);
   if(!expressions) return(-1);
 
-  ids = (unsigned int*)calloc(sizeof(unsigned int), num_patterns+1);
+  ids = (unsigned int*)calloc(sizeof(unsigned int), num_patterns + 1);
   if(!ids) {
     free(expressions);
     return(-1);
   }
 
-  for(i=0, num_patterns=0; host_match[i].string_to_match != NULL; i++) {
-    if(host_match[i].pattern_to_match) {
-      expressions[num_patterns] = host_match[i].pattern_to_match;
-      ids[num_patterns]         = host_match[i].protocol_id;
-      num_patterns++;
+  need_to_be_free = (unsigned char*)calloc(sizeof(unsigned char), num_patterns + 1);
+  if (!need_to_be_free) {
+    free(expressions);
+    free(ids);
+    return(-1);
+  }
+
+  for (i = 0, j = 0; host_match[i].string_to_match != NULL || host_match[i].pattern_to_match != NULL; i++) {
+    if (host_match[i].pattern_to_match) {
+      expressions[j] = host_match[i].pattern_to_match;
+      ids[j] = host_match[i].protocol_id;
+      need_to_be_free[j] = 0;
+      ++j;
+    } else {
+      expressions[j] = string2hex(host_match[i].string_to_match);
+      if (expressions[j] != NULL) {
+        ids[j] = host_match[i].protocol_id;
+        need_to_be_free[j] = 1;
+        ++j;
+      } else {
+#ifdef DEBUG
+        printf("Fail to calloc memory for %s\n", host_match[i].string_to_match);
+#endif
+      }
     }
+    /*printf("[DEBUG] %s\n", j ? expressions[j - 1] : "No Expression");*/
   }
 
-  rc = hyperscan_load_patterns(hs, num_patterns, expressions, ids);
+  rc = hyperscan_load_patterns(hs, j, (const char**)expressions, ids);
+
+  for (i = 0; i < j; ++i)
+    if (need_to_be_free[i])
+      free(expressions[i]);
   free(expressions), free(ids);
 
   return(rc);
@@ -857,24 +911,25 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp
   for(i=0; host_match[i].string_to_match != NULL; i++)
     ndpi_init_protocol_match(ndpi_mod, &host_match[i]);
 
-#ifdef DEBUG
-  ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n');
+#ifdef MATCH_DEBUG  
+  // ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n');
 #endif
 
   for(i=0; content_match[i].string_to_match != NULL; i++)
     ndpi_add_content_subprotocol(ndpi_mod, content_match[i].string_to_match,
 				 content_match[i].protocol_id,
+				 content_match[i].protocol_category,
 				 content_match[i].protocol_breed);
 
   for(i=0; ndpi_en_bigrams[i] != NULL; i++)
     ndpi_string_to_automa(ndpi_mod, &ndpi_mod->bigrams_automa,
 			  (char*)ndpi_en_bigrams[i],
-			  1);
+			  1, 1, 1);
 
   for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++)
     ndpi_string_to_automa(ndpi_mod, &ndpi_mod->impossible_bigrams_automa,
 			  (char*)ndpi_en_impossible_bigrams[i],
-			  1);
+			  1, 1, 1);
 }
 
 /* ******************************************************************** */
@@ -912,14 +967,30 @@ int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod
 
 /* ******************************************************************** */
 
+static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_struct *ndpi_mod) {
+  int i;
+
+  for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) {
+    if(ndpi_mod->proto_defaults[i].protoName == NULL) {
+      NDPI_LOG_ERR(ndpi_mod, "[NDPI] INTERNAL ERROR missing protoName initialization for [protoId=%d]: recovering\n",  i);
+    } else {
+      if((i != NDPI_PROTOCOL_UNKNOWN)
+	 && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) {
+	NDPI_LOG_ERR(ndpi_mod, "[NDPI] INTERNAL ERROR missing category [protoId=%d/%s] initialization: recovering\n",
+		     i, ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???");
+      }
+    }
+  }
+}
+
+/* ******************************************************************** */
+
 /* This function is used to map protocol name and default ports and it MUST
    be updated whenever a new protocol is added to NDPI.
 
    Do NOT add web services (NDPI_SERVICE_xxx) here.
 */
 static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) {
-
-  int i;
   ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
   u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO },
     custom_master[2];
@@ -928,981 +999,1021 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
     memset(ndpi_mod->proto_defaults, 0, sizeof(ndpi_mod->proto_defaults));
 
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 465, 587, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS,
-			    no_master,
+			    1 /* can_have_a_subprotocol */, no_master,
 			    no_master, "DNS", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "HEP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 9064, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 9063, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP,
-			    no_master,
+			    1 /* can_have_a_subprotocol */, no_master,
 			    no_master, "HTTP", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS,
-			    no_master,
+			    1 /* can_have_a_subprotocol */, no_master,
 			    no_master, "MDNS", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 			    ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "NFS", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
 			    ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 179, 2605, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 			    ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB,
-			    no_master,
-			    no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
-			    ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV1,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "SMBv1", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
+			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 			    ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "PostgreSQL", NDPI_PROTOCOL_CATEGORY_DATABASE,
 			    ndpi_build_default_ports(ports_a, 5432, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE,
 			    ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_NTOP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "ntop", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "VMware", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 			    ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FBZERO,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "FacebookZero", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 443, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Skype", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_CALL_IN,
-			    no_master,
-			    no_master, "SkypeCallIn", NDPI_PROTOCOL_CATEGORY_VOIP,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_CALL,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "SkypeCall", NDPI_PROTOCOL_CATEGORY_VOIP,
+			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE_49,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Free_49", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_CALL_OUT,
-			    no_master,
-			    no_master, "SkypeCallOut", NDPI_PROTOCOL_CATEGORY_VOIP,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE_49,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "SkypeCall", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MUSICALLY,
-			    no_master,
-			    no_master, "Musical.ly", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WECHAT,
+			    0 /* can_have_a_subprotocol */, no_master, /* wechat.com */
+			    no_master, "WeChat", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_40,
-			    no_master,
-			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Memcached", NDPI_PROTOCOL_CATEGORY_NETWORK,
+			    ndpi_build_default_ports(ports_a, 11211, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 11211, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV23,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "SMBv23", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
+			    ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MINING,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Mining", CUSTOM_CATEGORY_MINING,
+			    ndpi_build_default_ports(ports_a, 8333, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NEST_LOG_SINK,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "NestLogSink", NDPI_PROTOCOL_CATEGORY_CLOUD,
+			    ndpi_build_default_ports(ports_a, 11095, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_44,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_41,
-			    no_master,
-			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_45,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_42,
-			    no_master,
-			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_46,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_43,
-			    no_master,
-			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SIGNAL,
+			    0 /* can_have_a_subprotocol */, no_master, /* https://signal.org */
+			    no_master, "Signal", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_44,
-			    no_master,
-			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_45,
-			    no_master,
-			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_205,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_46,
-			    no_master,
-			    no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VIDTO,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
-
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Xbox", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "QQ", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "RTSP", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPLIVE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "PPLive", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Zattoo", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "ShoutCast", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Sopcast", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVANTS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Tvants", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVUPLAYER,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD,
-			    no_master,
+			    1 /* can_have_a_subprotocol */, no_master,
 			    no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "QQLive", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
     custom_master[0] = NDPI_PROTOCOL_SSL, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSL_NO_CERT,
-			    custom_master,
+			    1 /* can_have_a_subprotocol */, custom_master,
 			    no_master, "SSL_No_Cert", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_IRC,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Oscar", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Steam", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "HalfLife2", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_HOTSPOT_SHIELD,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Telnet", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 			    ndpi_build_default_ports(ports_a, 23, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
     custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323;
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IPsec", NDPI_PROTOCOL_CATEGORY_VPN,
 			    ndpi_build_default_ports(ports_a, 500, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 500, 4500, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "GRE", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "ICMP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IGMP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "EGP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SCTP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "OSPF", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IP_in_IP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP,
-			    no_master,
-			    no_master, "RTP", NDPI_PROTOCOL_CATEGORY_VOIP,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "RTP", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 			    ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 			    ndpi_build_default_ports(ports_a, 5900, 5901, 5800, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PCANYWHERE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "PcAnywhere", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_VOICE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "WhatsAppVoice", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_FILES,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "WhatsAppFiles", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "WhatsApp", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
     custom_master[0] = NDPI_PROTOCOL_SSL_NO_CERT, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_SSL,
-			    no_master,
+			    1 /* can_have_a_subprotocol */, no_master,
 			    custom_master, "SSL", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 443, 3001 /* ntop */, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 			    ndpi_build_default_ports(ports_a, 22, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Usenet", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "MGCP", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "IAX", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
 			    ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CATEGORY_CUSTOM_1,
+                            0 /* can_have_a_subprotocol */, no_master,
+                            no_master, NDPI_CONST_GENERIC_PROTOCOL_NAME, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+                            ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+                            ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK,
-                            no_master,
+                            0 /* can_have_a_subprotocol */, no_master,
                             no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
                             ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */,
                             ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SIP", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "ICMPV6", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "DHCPV6", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Armagetron", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FIESTA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Florensia", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC,
-			    no_master,
-			    no_master, "HTTP_Application_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD,
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_ACTIVESYNC,
+			    1 /* can_have_a_subprotocol */, no_master,
+			    no_master, "HTTP_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Kerberos", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 88, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 			    ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "MapleStory", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE,
 			    ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Warcraft3", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "WorldOfKungFu", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "DCE_RPC", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT,
-			    no_master,
+			    1 /* can_have_a_subprotocol */, no_master,
 			    no_master, "HTTP_Connect", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY,
-			    no_master,
+			    1 /* can_have_a_subprotocol */, no_master,
 			    no_master, "HTTP_Proxy", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX,
-			    no_master,
-			    no_master, "Webex", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Webex", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
 			    ndpi_build_default_ports(ports_a, 5938, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 5938, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
 			    ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SAP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "GTP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "UPnP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 1780, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 1900, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Telegram", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC,
-			    no_master,
+			    1 /* can_have_a_subprotocol */, no_master,
 			    no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Diameter", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APPLE_PUSH,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "ApplePush", NDPI_PROTOCOL_CATEGORY_CLOUD,
 			    ndpi_build_default_ports(ports_a, 1, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SPOTIFY,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Spotify", NDPI_PROTOCOL_CATEGORY_STREAMING,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 4342, 4341, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "MPEG_TS", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     /* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "LLMNR", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 5355, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
 
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENVPN,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN,
 			    ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN,
 			    ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "RTCP", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
 			    ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Oracle", NDPI_PROTOCOL_CATEGORY_DATABASE,
 			    ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Corba", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "UbuntuONE", NDPI_PROTOCOL_CATEGORY_CLOUD,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0),      /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));         /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),         /* TCP */
 			    ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0));    /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SOCKS", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0),      /* TCP */
 			    ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0));     /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),         /* TCP */
 			    ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0));       /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "RTMP", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			    ndpi_build_default_ports(ports_a, 1935, 0, 0, 0, 0),      /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));        /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PANDO,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Pando_Media_Booster", NDPI_PROTOCOL_CATEGORY_WEB,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),         /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));        /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Megaco", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),         /* TCP */
 			    ndpi_build_default_ports(ports_b, 2944 , 0, 0, 0, 0));    /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_REDIS,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Redis", NDPI_PROTOCOL_CATEGORY_DATABASE,
 			    ndpi_build_default_ports(ports_a, 6379, 0, 0, 0, 0),      /* TCP */
 			    ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0));       /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "ZeroMQ", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),         /* TCP */
 			    ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) );      /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "VHUA", NDPI_PROTOCOL_CATEGORY_VOIP,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),         /* TCP */
 			    ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0));    /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Starcraft", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0),      /* TCP */
 			    ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0));     /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),	      /* TCP */
 			    ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0));    /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Viber", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 7985, 5242, 5243, 4244, 0),      /* TCP */
 			    ndpi_build_default_ports(ports_b, 7985, 7987, 5242, 5243, 4244));  /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "COAP", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),         /* TCP */
 			    ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0));  /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0),  /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));       /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SOMEIP", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0),  /* TCP */
 			    ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),        /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));       /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_GIT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
 			    ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0),    /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));      /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),       /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));      /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_CHAT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));  /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));  /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));  /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DNSCRYPT,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));  /* UDP */
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TINC,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN,
 			    ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FIX,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NINTENDO,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CSGO,
-			    no_master,
+			    0 /* can_have_a_subprotocol */, no_master,
 			    no_master, "CSGO", NDPI_PROTOCOL_CATEGORY_GAME,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AJP,
-          no_master,
-          no_master, "AJP", NDPI_PROTOCOL_CATEGORY_WEB,
-          ndpi_build_default_ports(ports_a, 8009, 0, 0, 0, 0) /* TCP */,
-          ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "AJP", NDPI_PROTOCOL_CATEGORY_WEB,
+			    ndpi_build_default_ports(ports_a, 8009, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
     /* calling function for host and content matched protocols */
     init_string_based_protocols(ndpi_mod);
 
-    for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) {
-      if((ndpi_mod->proto_defaults[i].protoName == NULL)
-	 || ((i != NDPI_PROTOCOL_UNKNOWN)
-	     && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED))) {
-	NDPI_LOG_ERR(ndpi_mod, "[NDPI] missing protoId=%d/%s: INTERNAL ERROR: not all protocols have been initialized\n",
-	       i, ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???");
-      }
-    }
+    ndpi_validate_protocol_initialization(ndpi_mod);
 }
 
 /* ****************************************************** */
 
-static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, void *param) {
-  int *matching_protocol_id = (int*)param;
+static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) {
   int min_len = (txt->length < m->patterns->length) ? txt->length : m->patterns->length;
+  char buf[64] = { '\0' };
+  int min_buf_len = (txt->length > 63 /* sizeof(buf)-1 */) ? 63 : txt->length;
+  u_int buf_len = strlen(buf);
+  
+  strncpy(buf, txt->astring, min_buf_len);
+  buf[min_buf_len] = '\0';
+
+#ifdef MATCH_DEBUG
+  printf("Searching [to search: %s/%u][pattern: %s/%u] [len: %u][match_num: %u][%s]\n",
+	 buf, txt->length, m->patterns->astring, m->patterns->length, min_len,
+	 m->match_num, m->patterns->astring);
+#endif
+
   /*
     Return 1 for stopping to the first match.
     We might consider searching for the more
     specific match, paying more cpu cycles.
   */
-  *matching_protocol_id = m->patterns[0].rep.number;
 
-  if(strncmp(txt->astring, m->patterns->astring, min_len) == 0)
+  memcpy(match, &m->patterns[0].rep, sizeof(AC_REP_t));
+
+  if(((buf_len >= min_len) && (strncmp(&buf[buf_len-min_len], m->patterns->astring, min_len) == 0))
+     || (strncmp(buf, m->patterns->astring, min_len) == 0) /* begins with */
+     )
+    {
+#ifdef MATCH_DEBUG
+      printf("Found match [%s][%s] [len: %u][proto_id: %u]\n",
+	     buf, m->patterns->astring, min_len, *matching_protocol_id);
+#endif
     return(1); /* If the pattern found matches the string at the beginning we stop here */
-  else
+  } else
     return 0; /* 0 to continue searching, !0 to stop */
 }
 
 /* ******************************************************************** */
 
-#ifdef NDPI_PROTOCOL_TOR
-
 static int fill_prefix_v4(prefix_t *p, struct in_addr *a, int b, int mb) {
   do {
     if(b < 0 || b > mb)
@@ -1979,6 +2090,7 @@ static patricia_node_t* add_to_ptree(patricia_tree_t *tree, int family,
 
   return(node);
 }
+
 /* ******************************************* */
 
 static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str,
@@ -1990,7 +2102,8 @@ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str,
     patricia_node_t *node;
 
     pin.s_addr = htonl(host_list[i].network);
-    if((node = add_to_ptree(ptree, AF_INET, &pin, host_list[i].cidr /* bits */)) != NULL)
+    if((node = add_to_ptree(ptree, AF_INET,
+			    &pin, host_list[i].cidr /* bits */)) != NULL)
       node->value.user_value = host_list[i].value;
   }
 }
@@ -2020,8 +2133,6 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp
   return 0;
 }
 
-#endif
-
 void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)) { _ndpi_malloc = __ndpi_malloc; }
 void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)) { _ndpi_flow_malloc = __ndpi_flow_malloc; }
 
@@ -2043,7 +2154,7 @@ void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *
   vsnprintf(str,sizeof(str)-1, format, args);
   va_end(args);
 
-  if (ndpi_str != NULL) {
+  if(ndpi_str != NULL) {
     printf("%s:%s:%-3u - [%s]: %s",
 	    file_name, func_name, line_number, ndpi_get_proto_name(ndpi_str, proto), str);
   } else {
@@ -2152,6 +2263,7 @@ int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num)
 
   if(automa == NULL) return(-1);
 
+  memset(&ac_pattern, 0, sizeof(ac_pattern));
   ac_pattern.astring = str;
   ac_pattern.rep.number = num;
   ac_pattern.length = strlen(ac_pattern.astring);
@@ -2168,7 +2280,7 @@ void ndpi_finalize_automa(void *_automa) { ac_automata_finalize((AC_AUTOMATA_t*)
 /* ****************************************************** */
 
 int ndpi_match_string(void *_automa, char *string_to_match) {
-  int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN;
+  AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED };
   AC_TEXT_t ac_input_text;
   AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa;
 
@@ -2178,10 +2290,10 @@ int ndpi_match_string(void *_automa, char *string_to_match) {
     return(-2);
 
   ac_input_text.astring = string_to_match, ac_input_text.length = strlen(string_to_match);
-  ac_automata_search(automa, &ac_input_text, (void*)&matching_protocol_id);
+  ac_automata_search(automa, &ac_input_text, &match);
   ac_automata_reset(automa);
 
-  return(matching_protocol_id > 0 ? 0 : -1);
+  return(match.number > 0 ? 0 : -1);
 }
 
 /* ****************************************************** */
@@ -2189,7 +2301,8 @@ int ndpi_match_string(void *_automa, char *string_to_match) {
 int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id) {
   AC_TEXT_t ac_input_text;
   AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa;
-
+  AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED };
+  
   *id = -1;
   if((automa == NULL)
      || (string_to_match == NULL)
@@ -2197,10 +2310,12 @@ int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id
     return(-2);
 
   ac_input_text.astring = string_to_match, ac_input_text.length = strlen(string_to_match);
-  ac_automata_search(automa, &ac_input_text, (void*)id);
+  ac_automata_search(automa, &ac_input_text, &match);
   ac_automata_reset(automa);
 
-  return(*id != -1 ? 0 : -1);
+  *id = match.number;
+  
+  return(*id != NDPI_PROTOCOL_UNKNOWN ? 0 : -1);
 }
 
 /* *********************************************** */
@@ -2225,6 +2340,8 @@ static int hyperscanCustomEventHandler(unsigned int id,
 
 static int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_struct,
 				      char *name, unsigned long *id) {
+  /* printf("[NDPI] %s(%s)\n", __FUNCTION__, name); */
+
   if(!ndpi_struct->enable_category_substring_match) {
     if(ndpi_struct->custom_categories.hostnames_hash == NULL)
       return(-1);
@@ -2262,6 +2379,42 @@ static int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_
 
 /* *********************************************** */
 
+int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct,
+				      char *name_or_ip, unsigned long *id) {
+  char ipbuf[64];
+  struct in_addr pin;
+
+  if(!ndpi_struct->custom_categories.categories_loaded)
+    return -1;
+
+  strncpy(ipbuf, name_or_ip, sizeof(ipbuf));
+  char *ptr = strrchr(ipbuf, '/');
+
+  if(ptr)
+    ptr[0] = '\0';
+
+  if(inet_pton(AF_INET, ipbuf, &pin) == 1) {
+    /* Search IP */
+    prefix_t prefix;
+    patricia_node_t *node;
+
+    /* Make sure all in network byte order otherwise compares wont work */
+    fill_prefix_v4(&prefix, &pin, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits);
+    node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix);
+
+    if(node) {
+      *id = node->value.user_value;
+      return 0;
+    }
+
+    return(-1);
+  } else
+    /* Search Host */
+    return ndpi_match_custom_category(ndpi_struct, name_or_ip, id);
+}
+
+/* *********************************************** */
+
 static void free_ptree_data(void *data) { ; }
 
 /* ****************************************************** */
@@ -2275,17 +2428,19 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct
 	ndpi_free(ndpi_struct->proto_defaults[i].protoName);
     }
 
-#ifdef NDPI_PROTOCOL_TINC
+    /* NDPI_PROTOCOL_TINC */
     if(ndpi_struct->tinc_cache)
       cache_free((cache_t)(ndpi_struct->tinc_cache));
-#endif
+
+    if(ndpi_struct->ookla_cache)
+      lruc_free((lruc*)ndpi_struct->ookla_cache);
 
     if(ndpi_struct->protocols_ptree)
       ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data);
-
-    if (ndpi_struct->udpRoot != NULL)
+    
+    if(ndpi_struct->udpRoot != NULL)
       ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free);
-    if (ndpi_struct->tcpRoot != NULL)
+    if(ndpi_struct->tcpRoot != NULL)
       ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free);
 
     if(ndpi_struct->host_automa.ac_automa != NULL)
@@ -2340,7 +2495,8 @@ int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_
 				      u_int16_t** tcp_master_proto,
 				      u_int16_t** udp_master_proto) {
   if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) {
-    *tcp_master_proto = *udp_master_proto = NDPI_PROTOCOL_UNKNOWN;
+    *tcp_master_proto = ndpi_struct->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_tcp_protoId,
+      *udp_master_proto = ndpi_struct->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_udp_protoId;    
     return(-1);
   }
 
@@ -2381,7 +2537,27 @@ static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_
 
 /* ****************************************************** */
 
+/*
+  These are UDP protocols that must fit a single packet
+  and thus that if have NOT been detected they cannot be guessed
+  as they have been excluded
+ */
+u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) {
+  switch(l7_guessed_proto) {
+  case NDPI_PROTOCOL_QUIC:
+  case NDPI_PROTOCOL_SNMP:
+  case NDPI_PROTOCOL_NETFLOW:
+    /* TODO: add more protocols (if any missing) */
+    return(1);
+  }
+
+  return(0);
+}
+
+/* ****************************************************** */
+
 u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
+				 struct ndpi_flow_struct *flow,
 				 u_int8_t proto, u_int16_t sport, u_int16_t dport,
 				 u_int8_t *user_defined_proto) {
 
@@ -2390,8 +2566,19 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc
     ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_struct, proto, sport, dport);
 
     if(found != NULL) {
-      *user_defined_proto = found->customUserProto;
-      return(found->proto->protoId);
+      u_int16_t guessed_proto = found->proto->protoId;
+
+      /* We need to check if the guessed protocol isn't excluded by nDPI */
+      if(flow
+	 && (proto == IPPROTO_UDP)
+	 && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto)
+	 && is_udp_guessable_protocol(guessed_proto)
+	 )
+	return(NDPI_PROTOCOL_UNKNOWN);
+      else {
+	*user_defined_proto = found->customUserProto;
+	return(guessed_proto);
+      }
     }
   } else {
     /* No TCP/UDP */
@@ -2446,10 +2633,10 @@ u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi
 char * strsep(char **sp, char *sep)
 {
   char *p, *s;
-  if (sp == NULL || *sp == NULL || **sp == '\0') return(NULL);
+  if(sp == NULL || *sp == NULL || **sp == '\0') return(NULL);
   s = *sp;
   p = s + strcspn(s, sep);
-  if (*p != '\0') *p++ = '\0';
+  if(*p != '\0') *p++ = '\0';
   *sp = p;
   return(s);
 }
@@ -2457,9 +2644,8 @@ char * strsep(char **sp, char *sep)
 
 /* ******************************************************************** */
 
-
-int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, u_int8_t do_add) {
-
+int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, 
+		     char* rule, u_int8_t do_add) {
   char *at, *proto, *elem;
   ndpi_proto_defaults_t *def;
   int subprotocol_id, i;
@@ -2487,7 +2673,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule,
   }
 
   for(i=0, def = NULL; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) {
-    if(strcasecmp(ndpi_mod->proto_defaults[i].protoName, proto) == 0) {
+    if(ndpi_mod->proto_defaults[i].protoName && strcasecmp(ndpi_mod->proto_defaults[i].protoName, proto) == 0) {
       def = &ndpi_mod->proto_defaults[i];
       subprotocol_id = i;
       break;
@@ -2511,7 +2697,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule,
 
       ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE,
 			      ndpi_mod->ndpi_num_supported_protocols,
-			      no_master,
+			      0 /* can_have_a_subprotocol */, no_master,
 			      no_master,
 			      ndpi_strdup(proto),
 			      NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, /* TODO add protocol category support in rules */
@@ -2549,12 +2735,13 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule,
       else
 	removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot);
     } else if(is_ip) {
-#ifdef NDPI_PROTOCOL_TOR
+      /* NDPI_PROTOCOL_TOR */
       ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id);
-#endif
     } else {
       if(do_add)
-	ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, NDPI_PROTOCOL_ACCEPTABLE);
+	ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id,
+				      NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
+				      NDPI_PROTOCOL_ACCEPTABLE);
       else
 	ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id);
     }
@@ -2575,7 +2762,6 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule,
 
 */
 int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char* path) {
-
   FILE *fd = fopen(path, "r");
   int i;
 
@@ -2823,6 +3009,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* SMB */
   init_smb_dissector(ndpi_struct, &a, detection_bitmask);
 
+  /* MINING */
+  init_mining_dissector(ndpi_struct, &a, detection_bitmask);
+
   /* TELNET */
   init_telnet_dissector(ndpi_struct, &a, detection_bitmask);
 
@@ -3027,6 +3216,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* REDIS */
   init_redis_dissector(ndpi_struct, &a, detection_bitmask);
 
+  /* UPnP */
+  init_upnp_dissector(ndpi_struct, &a, detection_bitmask);
+
   /* VHUA */
   init_vhua_dissector(ndpi_struct, &a, detection_bitmask);
 
@@ -3104,6 +3296,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* WHATSAPP */
   init_whatsapp_dissector(ndpi_struct, &a, detection_bitmask);
 
+  /* OOKLA */
+  init_ookla_dissector(ndpi_struct, &a, detection_bitmask);
+
   /* AMQP */
   init_amqp_dissector(ndpi_struct, &a, detection_bitmask);
 
@@ -3116,6 +3311,12 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* AJP */
   init_ajp_dissector(ndpi_struct, &a, detection_bitmask);
 
+  /* Memcached */
+  init_memcached_dissector(ndpi_struct, &a, detection_bitmask);
+
+  /* Nest Log Sink */
+  init_nest_log_sink_dissector(ndpi_struct, &a, detection_bitmask);
+
   /* ----------------------------------------------------------------- */
 
   ndpi_struct->callback_buffer_size = a;
@@ -3231,7 +3432,7 @@ static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struc
   }
   return 0;
 }
-#endif							/* NDPI_DETECTION_SUPPORT_IPV6 */
+#endif /* NDPI_DETECTION_SUPPORT_IPV6 */
 
 
 static u_int8_t ndpi_iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize)
@@ -3350,7 +3551,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
   u_int8_t l4protocol;
   u_int8_t l4_result;
 
-  if (flow) {
+  if(flow) {
     /* reset payload_packet_len, will be set if ipv4 tcp or udp */
     flow->packet.payload_packet_len = 0;
     flow->packet.l4_packet_len = 0;
@@ -3428,7 +3629,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
     if(flow->packet.l4_packet_len >=flow->packet.tcp->doff * 4) {
       flow->packet.payload_packet_len =
 	flow->packet.l4_packet_len -flow->packet.tcp->doff * 4;
-      flow->packet.actual_payload_len =flow->packet.payload_packet_len;
+      flow->packet.actual_payload_len = flow->packet.payload_packet_len;
       flow->packet.payload = ((u_int8_t *)flow->packet.tcp) + (flow->packet.tcp->doff * 4);
 
       /* check for new tcp syn packets, here
@@ -3438,15 +3639,22 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
 	 && flow->packet.tcp->ack == 0
 	 && flow->init_finished != 0
 	 && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
-	if(flow->http.url)
-		ndpi_free(flow->http.url);
-	if(flow->http.content_type)
-		ndpi_free(flow->http.content_type);
+	u_int8_t backup;
+	u_int16_t backup1, backup2;
+	
+	if(flow->http.url)          ndpi_free(flow->http.url);
+	if(flow->http.content_type) ndpi_free(flow->http.content_type);
+
+	backup  = flow->num_processed_pkts;
+	backup1 = flow->guessed_protocol_id;
+	backup2 = flow->guessed_host_protocol_id;	
 	memset(flow, 0, sizeof(*(flow)));
-
+	flow->num_processed_pkts = backup;
+	flow->guessed_protocol_id      = backup1;
+	flow->guessed_host_protocol_id = backup2;
+	
 	NDPI_LOG_DBG(ndpi_struct,
 		 "tcp syn packet for unknown protocol, reset detection state\n");
-
       }
     } else {
       /* tcp header not complete */
@@ -3459,6 +3667,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
   } else {
     flow->packet.generic_l4_ptr = l4ptr;
   }
+
   return 0;
 }
 
@@ -3616,9 +3825,8 @@ void check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_struct
        ndpi_struct->callback_buffer_non_tcp_udp[a].ndpi_selection_bitmask
        && (flow == NULL
 	   ||
-	   NDPI_BITMASK_COMPARE
-	   (flow->excluded_protocol_bitmask,
-	    ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0)
+	   NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask,
+				ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0)
        && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_non_tcp_udp[a].detection_bitmask,
 			       detection_bitmask) != 0) {
 
@@ -3736,8 +3944,7 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct,
 	 && (ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) ==
 	 ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask
 	 && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask,
-				 ndpi_struct->
-				 callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0
+				 ndpi_struct->callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0
 	 && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_no_payload[a].detection_bitmask,
 				 detection_bitmask) != 0) {
 	ndpi_struct->callback_buffer_tcp_no_payload[a].func(ndpi_struct, flow);
@@ -3749,7 +3956,6 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct,
   }
 }
 
-
 /* ********************************************************************************* */
 
 void ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_struct,
@@ -3783,7 +3989,7 @@ static u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct
 /* ********************************************************************************* */
 
 ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct,
-				    struct ndpi_flow_struct *flow) {
+				    struct ndpi_flow_struct *flow, u_int8_t enable_guess) {
   ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED };
 
   if(flow == NULL) return(ret);
@@ -3794,29 +4000,42 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
 
     if(flow->guessed_protocol_id == NDPI_PROTOCOL_STUN)
       goto check_stun_export;
-    else if(flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') {
+    else if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) {
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN);
     } else {
+      if(!enable_guess)
+	return(ret);
+      
       if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)
 	 && (flow->packet.l4_protocol == IPPROTO_TCP)
 	 && (flow->l4.tcp.ssl_stage > 1))
 	flow->guessed_protocol_id = NDPI_PROTOCOL_SSL_NO_CERT;
 
-      guessed_protocol_id = flow->guessed_protocol_id,
-	guessed_host_protocol_id = flow->guessed_host_protocol_id;
+      guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id;
 
       if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)
-	 && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id)))
-	guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN;
-
+	 && ((flow->packet.l4_protocol == IPPROTO_UDP)
+	     && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id)
+	     && is_udp_guessable_protocol(guessed_host_protocol_id)
+	     ))
+	flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN;
+      
       /* Ignore guessed protocol if they have been discarded */
       if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)
-	 && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN)
-	 && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id)))
-	guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN;
+	 // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN)
+	 && (flow->packet.l4_protocol == IPPROTO_UDP)
+	 && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id)
+	 && is_udp_guessable_protocol(guessed_protocol_id))
+	flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN;
 
       if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)
 	 || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) {
+
+	if((guessed_protocol_id == 0)
+	   && (flow->protos.stun_ssl.stun.num_binding_requests > 0)
+	   && (flow->protos.stun_ssl.stun.num_processed_pkts > 0))
+	  guessed_protocol_id = NDPI_PROTOCOL_STUN;
+
 	ndpi_int_change_protocol(ndpi_struct, flow,
 				 guessed_host_protocol_id,
 				 guessed_protocol_id);
@@ -3834,17 +4053,39 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
      && (flow->guessed_protocol_id == NDPI_PROTOCOL_STUN)) {
   check_stun_export:
     if(flow->protos.stun_ssl.stun.num_processed_pkts > 0) {
-      if(flow->protos.stun_ssl.stun.num_processed_pkts >= 8) {
-	u_int16_t proto = (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT;
-
-	ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE);
+      if(/* (flow->protos.stun_ssl.stun.num_processed_pkts >= NDPI_MIN_NUM_STUN_DETECTION) */
+	 flow->protos.stun_ssl.stun.is_skype) {
+	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE);
       } else
-	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id);
+	ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_STUN);
     }
   }
 
   ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0];
 
+  if(ret.master_protocol == NDPI_PROTOCOL_STUN) {
+    if(ret.app_protocol == NDPI_PROTOCOL_FACEBOOK)
+      ret.app_protocol = NDPI_PROTOCOL_MESSENGER;
+    else if(ret.app_protocol == NDPI_PROTOCOL_GOOGLE)
+      ret.app_protocol = NDPI_PROTOCOL_HANGOUT;
+  }
+  
+  if(enable_guess
+     && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN)
+     && flow->packet.iph /* Guess only IPv4 */
+     && (flow->packet.tcp || flow->packet.udp)
+     )
+    ret = ndpi_guess_undetected_protocol(ndpi_struct,
+					 flow,
+					 flow->packet.l4_protocol,
+					 ntohl(flow->packet.iph->saddr),
+					 ntohs(flow->packet.udp ? flow->packet.udp->source : flow->packet.tcp->source),
+					 ntohl(flow->packet.iph->daddr),
+					 ntohs(flow->packet.udp ? flow->packet.udp->dest : flow->packet.tcp->dest)
+					 );
+  
+  ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
+
   return(ret);
 }
 
@@ -3883,8 +4124,8 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct,
   ndpi_connection_tracking(ndpi_struct, flow);
 
   /* call the extra packet function (which may add more data/info to flow) */
-  if (flow->extra_packets_func) {
-    if ((flow->extra_packets_func(ndpi_struct, flow)) == 0)
+  if(flow->extra_packets_func) {
+    if((flow->extra_packets_func(ndpi_struct, flow)) == 0)
       flow->check_extra_packets = 0;
   }
 
@@ -3903,7 +4144,7 @@ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct,
   if(ptr) {
     ptr[0] = '\0';
     ptr++;
-    if (atoi(ptr)>=0 && atoi(ptr)<=32)
+    if(atoi(ptr)>=0 && atoi(ptr)<=32)
       bits = atoi(ptr);
   }
 
@@ -3916,6 +4157,14 @@ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct,
 
 /* ********************************************************************************* */
 
+/*
+ *
+ * IMPORTANT
+ *
+ * The *name pointer MUST be kept allocated until the automa is finalized and it
+ * cannot be recycled across multiple ndpi_load_hostname_category() calls
+ *
+ */
 int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct,
 				 char *name, ndpi_protocol_category_t category) {
   if(name == NULL)
@@ -3934,6 +4183,8 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct
     
     /* printf("===> Loading %s as %u\n", name, category); */
 
+    memset(&ac_pattern, 0, sizeof(ac_pattern));
+    
 #ifdef HAVE_HYPERSCAN
     {
       struct hs_list *h = (struct hs_list*)malloc(sizeof(struct hs_list));
@@ -3951,7 +4202,7 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct
 
 	tmp[j] = '\0';
 
-	h->expression = strdup(name), h->id = (unsigned int)category;
+	h->expression = ndpi_strdup(name), h->id = (unsigned int)category;
 	if(h->expression == NULL) {
 	  free(h);
 	  return(-2);
@@ -4042,21 +4293,25 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str)
 #else
     /* Free */
     ac_automata_release((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames.ac_automa);
-    ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->custom_categories.ipAddresses, free_ptree_data);
 
     /* Finalize */
     ac_automata_finalize((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames_shadow.ac_automa);
 
     /* Swap */
     ndpi_str->custom_categories.hostnames.ac_automa = ndpi_str->custom_categories.hostnames_shadow.ac_automa;
-    ndpi_str->custom_categories.ipAddresses = ndpi_str->custom_categories.ipAddresses_shadow;
 
     /* Realloc */
     ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler);
-    ndpi_str->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */);
 #endif
   }
   
+  if(ndpi_str->custom_categories.ipAddresses != NULL)
+    ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->custom_categories.ipAddresses, 
+			  free_ptree_data);
+
+  ndpi_str->custom_categories.ipAddresses = ndpi_str->custom_categories.ipAddresses_shadow;
+  ndpi_str->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */);
+
   ndpi_str->custom_categories.categories_loaded = 1;
   
   return(0);
@@ -4064,28 +4319,42 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str)
 
 /* ********************************************************************************* */
 
-void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct,
-				 struct ndpi_flow_struct *flow,
+int ndpi_fill_ip_protocol_category(struct ndpi_detection_module_struct *ndpi_struct,
+				 const struct ndpi_iphdr *iph,
 				 ndpi_protocol *ret) {
   if(ndpi_struct->custom_categories.categories_loaded) {
-    if(flow->packet.iph) {
       prefix_t prefix;
       patricia_node_t *node;
 
       /* Make sure all in network byte order otherwise compares wont work */
-      fill_prefix_v4(&prefix, (struct in_addr *)&flow->packet.iph->saddr,
+      fill_prefix_v4(&prefix, (struct in_addr *)&iph->saddr,
 		     32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits);
       node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix);
 
       if(!node) {
-	fill_prefix_v4(&prefix, (struct in_addr *)&flow->packet.iph->daddr,
+	fill_prefix_v4(&prefix, (struct in_addr *)&iph->daddr,
 		       32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits);
 	node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix);
       }
 
       if(node) {
 	ret->category = (ndpi_protocol_category_t)node->value.user_value;
-	return;
+	return 1;
+      }
+  }
+
+  ret->category = ndpi_get_proto_category(ndpi_struct, *ret);
+  return 0;
+}
+
+void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct,
+				 struct ndpi_flow_struct *flow,
+				 ndpi_protocol *ret) {
+  if(ndpi_struct->custom_categories.categories_loaded) {
+    if(flow->packet.iph) {
+      if(ndpi_fill_ip_protocol_category(ndpi_struct, flow->packet.iph, ret)) {
+        flow->category = ret->category;
+        return;
       }
     }
 
@@ -4094,23 +4363,23 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc
       int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->host_server_name, &id);
 
       if(rc == 0) {
-	ret->category = (ndpi_protocol_category_t)id;
+	flow->category = ret->category = (ndpi_protocol_category_t)id;
 	return;
       }
     }
 
-    if(flow->protos.stun_ssl.ssl.server_certificate[0] != '\0') {
+    if((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) {
       unsigned long id;
-      int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.server_certificate, &id);
+      int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.client_certificate, &id);
 
       if(rc == 0) {
-	ret->category = (ndpi_protocol_category_t)id;
+	flow->category = ret->category = (ndpi_protocol_category_t)id;
 	return;
       }
     }
   }
 
-  ret->category = ndpi_get_proto_category(ndpi_struct, *ret);
+  flow->category = ret->category = ndpi_get_proto_category(ndpi_struct, *ret);
 }
 
 /* ********************************************************************************* */
@@ -4132,6 +4401,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
   if(flow == NULL)
     return(ret);
 
+  flow->num_processed_pkts++;
+  
   if(flow->server_id == NULL) flow->server_id = dst; /* Default */
   if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN)
     goto ret_protocols;
@@ -4154,7 +4425,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
     return(ret);
 
   /* detect traffic for tcp or udp only */
-
   flow->src = src, flow->dst = dst;
 
   ndpi_connection_tracking(ndpi_struct, flow);
@@ -4209,12 +4479,13 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
     else sport = dport = 0;
 
     /* guess protocol */
-    flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto);
+    flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, flow, protocol, sport, dport, &user_defined_proto);
     flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_struct, flow);
 
     if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) {
       /* This is a custom protocol and it has priority over everything else */
-      ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id;
+      ret.master_protocol = NDPI_PROTOCOL_UNKNOWN,
+	ret.app_protocol = flow->guessed_protocol_id ? flow->guessed_protocol_id : flow->guessed_host_protocol_id;
       ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
       return(ret);
     }
@@ -4223,7 +4494,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
       if(flow->packet.iph) {
 	if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) {
 	  /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */
-	  ret = ndpi_detection_giveup(ndpi_struct, flow);
+	  ret = ndpi_detection_giveup(ndpi_struct, flow, 0);
 	}
 
 	ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
@@ -4242,8 +4513,22 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
   if(flow->guessed_host_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) {
     /* This is a custom protocol and it has priority over everything else */
     ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id;
+
+    if(flow->packet.tcp) {
+      /* Minimal guess for HTTP/SSL-based protocols */
+      switch(ntohs(flow->packet.tcp->dest)) {
+      case 80:
+	ret.master_protocol = NDPI_PROTOCOL_HTTP;
+	break;
+      case 443:
+	ret.master_protocol = NDPI_PROTOCOL_SSL; /* QUIC could also match */
+	break;
+      }
+    }
+    
     ndpi_check_flow_func(ndpi_struct, flow, &ndpi_selection_packet);
     ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
+
     return(ret);
   }
 
@@ -4272,6 +4557,24 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
     ret.app_protocol = flow->detected_protocol_stack[0];
 
   ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
+
+  if((flow->num_processed_pkts == 1)
+     && (ret.master_protocol == NDPI_PROTOCOL_UNKNOWN)
+     && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN)
+     && flow->packet.tcp
+     && (flow->packet.tcp->syn == 0)
+    ) {
+    /*
+      This is a TCP flow
+      - whose first packet is NOT a SYN
+      - no protocol has been detected
+
+      We don't see how future packets can match anything
+      hence we giveup here
+    */
+    ret = ndpi_detection_giveup(ndpi_struct, flow, 0);
+  }
+
   return(ret);
 }
 
@@ -4425,7 +4728,6 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc
 {
   u_int32_t a;
   struct ndpi_packet_struct *packet = &flow->packet;
-  u_int16_t end = packet->payload_packet_len - 1;
   if(packet->packet_lines_parsed_complete != 0)
     return;
 
@@ -4466,15 +4768,18 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc
   packet->http_response.len = 0;
   packet->http_num_headers=0;
 
-  if((packet->payload_packet_len == 0)
-     || (packet->payload == NULL)
-     || (end == 0))
+  if((packet->payload_packet_len < 3)
+     || (packet->payload == NULL))
     return;
 
   packet->line[packet->parsed_lines].ptr = packet->payload;
   packet->line[packet->parsed_lines].len = 0;
 
-  for(a = 0; a < end-1 /* This because get_u_int16_t(packet->payload, a) reads 2 bytes */; a++) {
+  for(a = 0; a < packet->payload_packet_len; a++) {
+
+    if((a + 1) == packet->payload_packet_len)
+	  return; /* Return if only one byte remains (prevent invalid reads past end-of-buffer) */
+
     if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { /* If end of line char sequence CR+NL "\r\n", process line */
       packet->line[packet->parsed_lines].len = (u_int16_t)(((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr));
 
@@ -4492,7 +4797,6 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc
 	    strncpy((char*)flow->http.response_status_code, (char*)packet->http_response.ptr, 3);
 	    flow->http.response_status_code[4]='\0';
 
-
 	    NDPI_LOG_DBG2(ndpi_struct,
 		  "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n",
 		   packet->http_response.len, packet->http_response.ptr);
@@ -4655,9 +4959,6 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc
       packet->line[packet->parsed_lines].ptr = &packet->payload[a + 2];
       packet->line[packet->parsed_lines].len = 0;
 
-      if((a + 2) >= packet->payload_packet_len)
-	    return;
-
       a++; /* next char in the payload */
     }
   }
@@ -4818,10 +5119,11 @@ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct
 
 /* ********************************************************************************* */
 
-u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return,
-			       u_int8_t * l4_protocol_return, u_int32_t flags)
-{
-  return ndpi_detection_get_l4_internal(NULL, l3, l3_len, l4_return, l4_len_return, l4_protocol_return, flags);
+u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len,
+			       const u_int8_t ** l4_return, u_int16_t * l4_len_return,
+			       u_int8_t * l4_protocol_return, u_int32_t flags) {
+  return ndpi_detection_get_l4_internal(NULL, l3, l3_len,
+					l4_return, l4_len_return, l4_protocol_return, flags);
 }
 
 /* ********************************************************************************* */
@@ -4829,8 +5131,7 @@ u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_in
 void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
 				struct ndpi_flow_struct *flow,
 				u_int16_t upper_detected_protocol,
-				u_int16_t lower_detected_protocol)
-{
+				u_int16_t lower_detected_protocol) {
   struct ndpi_id_struct *src = flow->src;
   struct ndpi_id_struct *dst = flow->dst;
 
@@ -4866,7 +5167,8 @@ void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str
 				   u_int16_t lower_detected_protocol) {
   if(!flow) return;
 
-  flow->detected_protocol_stack[0] = upper_detected_protocol, flow->detected_protocol_stack[1] = lower_detected_protocol;
+  flow->detected_protocol_stack[0] = upper_detected_protocol,
+    flow->detected_protocol_stack[1] = lower_detected_protocol;
 }
 
 /* ********************************************************************************* */
@@ -4907,6 +5209,17 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
   if(upper_detected_protocol == lower_detected_protocol)
     lower_detected_protocol = NDPI_PROTOCOL_UNKNOWN;
 
+  if((upper_detected_protocol != NDPI_PROTOCOL_UNKNOWN)
+     && (lower_detected_protocol == NDPI_PROTOCOL_UNKNOWN)) {
+    if((flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)
+       && (upper_detected_protocol != flow->guessed_host_protocol_id)) {
+      if(ndpi_struct->proto_defaults[upper_detected_protocol].can_have_a_subprotocol) {
+	lower_detected_protocol = upper_detected_protocol;
+	upper_detected_protocol = flow->guessed_host_protocol_id;
+      }
+    }
+  }
+  
   ndpi_int_change_flow_protocol(ndpi_struct, flow,
 				upper_detected_protocol, lower_detected_protocol);
   ndpi_int_change_packet_protocol(ndpi_struct, flow,
@@ -4915,24 +5228,11 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
 
 /* ********************************************************************************* */
 
-/* change protocol only if guessing is active */
-/* void ndpi_guess_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, */
-/* 				struct ndpi_flow_struct *flow) */
-/* { */
-/*   if(flow->guessed_host_protocol_id != 0 && */
-/*      flow->guessed_protocol_id != 0) { */
-/*     /\* app proto for flow *\/ */
-/*     flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; */
-/*     /\* master proto for flow *\/ */
-/*     flow->detected_protocol_stack[1] = flow->guessed_protocol_id; */
-
-/*     /\* app proto for packet *\/ */
-/*     flow->packet.detected_protocol_stack[0] = flow->guessed_host_protocol_id; */
-/*     /\* master proto for packet *\/ */
-/*     flow->packet.detected_protocol_stack[1] = flow->guessed_protocol_id; */
-
-/*   } */
-/* } */
+void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct,
+			      struct ndpi_flow_struct *flow,
+			      ndpi_protocol_category_t protocol_category) {
+  flow->category = protocol_category;
+}
 
 /* ********************************************************************************* */
 
@@ -5153,6 +5453,7 @@ u_int16_t ndpi_get_lower_proto(ndpi_protocol proto) {
 /* ****************************************************** */
 
 ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
+					     struct ndpi_flow_struct *flow,
 					     u_int8_t proto,
 					     u_int32_t shost /* host byte order */, u_int16_t sport,
 					     u_int32_t dhost /* host byte order */, u_int16_t dport) {
@@ -5162,27 +5463,42 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
   u_int8_t user_defined_proto;
 
   if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) {
-    rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto,
-				    shost, dhost, sport, dport);
+    rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, shost, dhost, sport, dport);
 
     if(rc != NDPI_PROTOCOL_UNKNOWN) {
-      ret.app_protocol = rc,
-	ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto);
-
-      if(ret.app_protocol == ret.master_protocol)
-	ret.master_protocol = NDPI_PROTOCOL_UNKNOWN;
-
-      return(ret);
+      if(flow && (proto == IPPROTO_UDP)
+	 && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)
+	 && is_udp_guessable_protocol(rc))
+	;
+      else {
+	ret.app_protocol = rc,
+	  ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport,
+						       dport, &user_defined_proto);
+	
+	if(ret.app_protocol == ret.master_protocol)
+	  ret.master_protocol = NDPI_PROTOCOL_UNKNOWN;
+	
+	ret.category = ndpi_get_proto_category(ndpi_struct, ret);
+	return(ret);
+      }
     }
 
-    rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto);
+    rc = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto);
     if(rc != NDPI_PROTOCOL_UNKNOWN) {
-      ret.app_protocol = rc;
-
-      if(rc == NDPI_PROTOCOL_SSL)
-	goto check_guessed_skype;
-      else
-	return(ret);
+      if(flow && (proto == IPPROTO_UDP)
+	 && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)
+	 && is_udp_guessable_protocol(rc))
+	;
+      else {
+	ret.app_protocol = rc;
+	
+	if(rc == NDPI_PROTOCOL_SSL)
+	  goto check_guessed_skype;
+	else {
+	  ret.category = ndpi_get_proto_category(ndpi_struct, ret);
+	  return(ret);
+	}
+      }
     }
 
   check_guessed_skype:
@@ -5195,13 +5511,32 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
 	ret.app_protocol = NDPI_PROTOCOL_SKYPE;
     }
   } else
-    ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto);
+    ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport,
+					      dport, &user_defined_proto);
 
+  ret.category = ndpi_get_proto_category(ndpi_struct, ret);  
   return(ret);
 }
 
 /* ****************************************************** */
 
+char* ndpi_protocol2id(struct ndpi_detection_module_struct *ndpi_mod,
+			 ndpi_protocol proto, char *buf, u_int buf_len) {
+  if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN)
+     && (proto.master_protocol != proto.app_protocol)) {
+    if(proto.app_protocol != NDPI_PROTOCOL_UNKNOWN)
+      snprintf(buf, buf_len, "%u.%u",
+	       proto.master_protocol, proto.app_protocol);
+    else
+      snprintf(buf, buf_len, "%u", proto.master_protocol);
+  } else
+    snprintf(buf, buf_len, "%u", proto.app_protocol);
+
+  return(buf);
+}
+
+/* ****************************************************** */
+
 char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod,
 			 ndpi_protocol proto, char *buf, u_int buf_len) {
   if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN)
@@ -5307,14 +5642,93 @@ static const char* categories[] = {
    "QuickTime",
    "RealMedia",
    "WindowsMedia",
-   "Webm",
+   "Webm", /* 32 */
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+   "",
+     
+   "Mining", /* 99 */
+   "Malware",
+   "Advertisement",
+   "Banned_Site",
+   "Site_Unavailable"
 };
 
 const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod,
 				   ndpi_protocol_category_t category) {
-  if(!ndpi_mod) return(NULL);
+  if((!ndpi_mod) || (category >= NDPI_PROTOCOL_NUM_CATEGORIES))
+    return(NULL);
 
-  if(category < NDPI_PROTOCOL_CATEGORY_CUSTOM_1)
+  if((category < NDPI_PROTOCOL_CATEGORY_CUSTOM_1) || (category >= CUSTOM_CATEGORY_MINING))
     return(categories[category]);
   else {
     switch(category) {
@@ -5340,8 +5754,10 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod
 
 ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_mod,
 						 ndpi_protocol proto) {
+  if(proto.category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)
+    return proto.category;
   /* simple rule: sub protocol first, master after */
-  if ((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) ||
+  else if((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) ||
       (ndpi_mod->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED))
     return ndpi_mod->proto_defaults[proto.app_protocol].protoCategory;
   else
@@ -5445,7 +5861,7 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) {
   size_t len;
 
   if((c = *find++) != '\0') {
-    len = strlen(find);
+    len = strnlen(find, slen);
     do {
       do {
 	if(slen-- < 1 || (sc = *s++) == '\0')
@@ -5453,10 +5869,11 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) {
       } while (sc != c);
       if(len > slen)
 	return (NULL);
-    } while (strncmp(s, find, len) != 0);
+    } while(strncmp(s, find, len) != 0);
     s--;
   }
-  return ((char *)s);
+  
+  return((char *)s);
 }
 
 /* ****************************************************** */
@@ -5497,38 +5914,90 @@ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len,
 
 int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 				  char *string_to_match, u_int string_to_match_len,
+				  ndpi_protocol_match_result *ret_match,
 				  u_int8_t is_host_match) {
-  int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN;
   AC_TEXT_t ac_input_text;
-  ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa;
-
-  if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN);
+  ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa :
+    &ndpi_struct->content_automa;
+  AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED };
+  
+  if((automa->ac_automa == NULL) || (string_to_match_len == 0))
+    return(NDPI_PROTOCOL_UNKNOWN);
 
   if(!automa->ac_automa_finalized) {
     ac_automata_finalize((AC_AUTOMATA_t*)automa->ac_automa);
     automa->ac_automa_finalized = 1;
   }
-
+  
   ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len;
-  ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&matching_protocol_id);
-
+  ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, &match);
   ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa));
+  
+  ret_match->protocol_id = match.number,
+    ret_match->protocol_category = match.category,
+    ret_match->protocol_breed = match.breed;
+    
+  return(match.number);
+}
+
+#ifdef HAVE_HYPERSCAN
+
+/* ******************************************************************** */
+
+static int hyperscanEventHandler(unsigned int id, unsigned long long from,
+				 unsigned long long to, unsigned int flags, void *ctx) {
+  *((int *)ctx) = (int)id;
 
-  return(matching_protocol_id);
+  NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Match with: %d [from: %llu][to: %llu]\n", id, from, to);
+
+  /* return HS_SCAN_TERMINATED; */
+  return 0; /* keep searching */
 }
 
-/* ****************************************************** */
+#endif
 
-#ifndef HAVE_HYPERSCAN
+/* ****************************************************** */
 
 static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 						struct ndpi_flow_struct *flow,
 						char *string_to_match, u_int string_to_match_len,
 						u_int16_t master_protocol_id,
+						ndpi_protocol_match_result *ret_match,
 						u_int8_t is_host_match) {
-  int matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, string_to_match_len, is_host_match);
+  int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN;
   struct ndpi_packet_struct *packet = &flow->packet;
 
+#ifndef HAVE_HYPERSCAN
+  matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match,
+						       string_to_match_len, ret_match,
+						       is_host_match);
+
+#else
+  struct hs *hs = (struct hs*)ndpi_struct->hyperscan;
+  hs_error_t status;
+  /*
+    TODO HYPERSCAN
+    In case of match fill up ret_match and set flow protocol + category
+   */
+  status = hs_scan(hs->database, string_to_match,
+		   string_to_match_len, 0, hs->scratch,
+		   hyperscanEventHandler, &matching_protocol_id);
+
+  if(status == HS_SUCCESS) {
+    NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan engine completed normally. Result: %s [%d][%s]\n",
+		 ndpi_get_proto_name(ndpi_struct, matching_protocol_id), matching_protocol_id, string_to_match);
+  } else if(status == HS_SCAN_TERMINATED) {
+    NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan engine was terminated by callback. Result: %s [%d][%s]\n",
+		  ndpi_get_proto_name(ndpi_struct, matching_protocol_id), matching_protocol_id, string_to_match);
+  } else {
+    NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan returned with error.\n");
+  }
+
+  ret_match->protocol_id = matching_protocol_id,
+    ret_match->protocol_category = ndpi_struct->proto_defaults[matching_protocol_id].protoCategory,
+    ret_match->protocol_breed = ndpi_struct->proto_defaults[matching_protocol_id].protoBreed;
+#endif
+
 #ifdef DEBUG
   {
     char m[256];
@@ -5550,6 +6019,9 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str
     flow->detected_protocol_stack[0] = packet->detected_protocol_stack[0],
       flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1];
 
+    if(flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)
+      flow->category = ret_match->protocol_category;
+
     return(packet->detected_protocol_stack[0]);
   }
 
@@ -5561,45 +6033,16 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str
   return(NDPI_PROTOCOL_UNKNOWN);
 }
 
-#else
-
-/* ******************************************************************** */
-
-static int hyperscanEventHandler(unsigned int id, unsigned long long from,
-				 unsigned long long to, unsigned int flags, void *ctx) {
-  *((int *)ctx) = (int)id;
-  return HS_SCAN_TERMINATED;
-}
-
-/* *********************************************** */
-
-static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
-						struct ndpi_flow_struct *flow,
-						char *string_to_match, u_int string_to_match_len,
-						u_int16_t master_protocol_id,
-						u_int8_t is_host_match) {
-  int rv = NDPI_PROTOCOL_UNKNOWN;
-  struct hs *hs = (struct hs*)ndpi_struct->hyperscan;
-
-  if(hs_scan(hs->database, string_to_match,
-	     string_to_match_len, 0, hs->scratch,
-	     hyperscanEventHandler, &rv) != HS_SUCCESS)
-    NDPI_LOG_ERR(ndpi_struct, "[NDPI] Hyperscan match returned error\n");
-
-  return rv;
-}
-
-#endif
-
 /* ****************************************************** */
 
 int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 				struct ndpi_flow_struct *flow,
 				char *string_to_match, u_int string_to_match_len,
+				ndpi_protocol_match_result *ret_match,
 				u_int16_t master_protocol_id) {
   return(ndpi_automa_match_string_subprotocol(ndpi_struct,
 					      flow, string_to_match, string_to_match_len,
-					      master_protocol_id, 1));
+					      master_protocol_id, ret_match, 1));
 }
 
 /* ****************************************************** */
@@ -5607,10 +6050,11 @@ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct
 int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
 				   struct ndpi_flow_struct *flow,
 				   char *string_to_match, u_int string_to_match_len,
+				   ndpi_protocol_match_result *ret_match,
 				   u_int16_t master_protocol_id) {
   return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow,
 					      string_to_match, string_to_match_len,
-					      master_protocol_id, 0));
+					      master_protocol_id, ret_match, 0));
 }
 
 /* ****************************************************** */
@@ -5618,10 +6062,10 @@ int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_str
 int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct,
 		      ndpi_automa *automa, char *bigram_to_match) {
   AC_TEXT_t ac_input_text;
-  int ret = 0;
+  AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED };
 
   if((automa->ac_automa == NULL) || (bigram_to_match == NULL))
-    return(ret);
+    return(-1);
 
   if(!automa->ac_automa_finalized) {
     ac_automata_finalize((AC_AUTOMATA_t*)automa->ac_automa);
@@ -5629,20 +6073,18 @@ int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct,
   }
 
   ac_input_text.astring = bigram_to_match, ac_input_text.length = 2;
-  ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&ret);
+  ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, &match);
   ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa));
 
-  return(ret);
+  return(match.number);
 }
 
 /* ****************************************************** */
 
 void ndpi_free_flow(struct ndpi_flow_struct *flow) {
   if(flow) {
-    if(flow->http.url)
-      ndpi_free(flow->http.url);
-    if(flow->http.content_type)
-      ndpi_free(flow->http.content_type);
+    if(flow->http.url)          ndpi_free(flow->http.url);
+    if(flow->http.content_type) ndpi_free(flow->http.content_type);
     ndpi_free(flow);
   }
 }
@@ -5728,3 +6170,27 @@ u_int ndpi_get_ndpi_detection_module_size() {
 void ndpi_set_log_level(struct ndpi_detection_module_struct *ndpi_mod, u_int l) {
   ndpi_mod->ndpi_log_level = l;
 }
+
+/* ******************************************************************** */
+
+/*
+  NOTE:
+  - Leave fields empty/zero when information is missing (e.g. with ICMP ports are zero)
+  - The hash_buf most be 30+1 bits or longer
+  - Return code: 0 = OK, -1 otherwise
+ */
+
+int ndpi_flowv4_flow_hash(u_int8_t l4_proto, u_int32_t src_ip,
+			  u_int32_t dst_ip, u_int16_t src_port, u_int16_t dst_port,
+			  u_int8_t icmp_type, u_int8_t icmp_code,
+			  u_char *hash_buf, u_int8_t hash_buf_len) {
+
+  return(0); /* OK */
+}
+
+int ndpi_flowv6_flow_hash(u_int8_t l4_proto, struct ndpi_in6_addr *src_ip, struct ndpi_in6_addr *dst_ip,
+			  u_int16_t src_port, u_int16_t dst_port, u_int8_t icmp_type, u_int8_t icmp_code,
+			  u_char *hash_buf, u_int8_t hash_buf_len) {
+
+  return(0); /* OK */
+}
diff --git a/src/lib/protocols/afp.c b/src/lib/protocols/afp.c
index ee8dc5973..ffe303cea 100644
--- a/src/lib/protocols/afp.c
+++ b/src/lib/protocols/afp.c
@@ -1,8 +1,8 @@
 /*
  * afp.c
  *
- * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-16 - ntop.org
+ * Copyright (C) 2009-11 by ipoque GmbH
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_AFP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AFP
 
 #include "ndpi_api.h"
@@ -100,5 +98,3 @@ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-
-#endif
diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c
index fb439f817..dec8118c2 100644
--- a/src/lib/protocols/aimini.c
+++ b/src/lib/protocols/aimini.c
@@ -2,7 +2,7 @@
  * aimini.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_AIMINI
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AIMINI
 
 #include "ndpi_api.h"
@@ -293,5 +291,3 @@ void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c
index ed7bb83f7..7cae40f20 100644
--- a/src/lib/protocols/ajp.c
+++ b/src/lib/protocols/ajp.c
@@ -22,8 +22,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_AJP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AJP
 
 #include "ndpi_api.h"
@@ -149,5 +147,3 @@ void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c
index 6b530c16d..793b3699e 100644
--- a/src/lib/protocols/amqp.c
+++ b/src/lib/protocols/amqp.c
@@ -1,7 +1,7 @@
 /*
  * amqp.c
  *
- * Copyright (C) 2011-17 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_AMQP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AMQP
 
 #include "ndpi_api.h"
@@ -87,4 +85,3 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 	*id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c
index 734be6e96..6930dba86 100644
--- a/src/lib/protocols/apple_push.c
+++ b/src/lib/protocols/apple_push.c
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_APPLE_PUSH
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLE_PUSH
 
 #include "ndpi_api.h"
@@ -76,6 +74,3 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-
-
-#endif
diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c
index a80c39d7f..95e6b4458 100644
--- a/src/lib/protocols/applejuice.c
+++ b/src/lib/protocols/applejuice.c
@@ -2,7 +2,7 @@
  * applejuice.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_APPLEJUICE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLEJUICE
 
 #include "ndpi_api.h"
@@ -67,5 +65,3 @@ void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c
index 7f4fb9ec0..53c36a5f9 100644
--- a/src/lib/protocols/armagetron.c
+++ b/src/lib/protocols/armagetron.c
@@ -2,7 +2,7 @@
  * armagetron.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_ARMAGETRON
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ARMAGETRON
 
 #include "ndpi_api.h"
@@ -109,6 +107,3 @@ void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-
-#endif
diff --git a/src/lib/protocols/attic/flash.c b/src/lib/protocols/attic/flash.c
index bc47ee881..eb27807d7 100644
--- a/src/lib/protocols/attic/flash.c
+++ b/src/lib/protocols/attic/flash.c
@@ -2,7 +2,7 @@
  * flash.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
diff --git a/src/lib/protocols/attic/ftp.c b/src/lib/protocols/attic/ftp.c
index 2e06aec9a..19604089c 100644
--- a/src/lib/protocols/attic/ftp.c
+++ b/src/lib/protocols/attic/ftp.c
@@ -2,7 +2,7 @@
  * ftp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
diff --git a/src/lib/protocols/attic/manolito.c b/src/lib/protocols/attic/manolito.c
index 3b1db0df5..71fdaeaff 100644
--- a/src/lib/protocols/attic/manolito.c
+++ b/src/lib/protocols/attic/manolito.c
@@ -2,7 +2,7 @@
  * manolito.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
diff --git a/src/lib/protocols/attic/popo.c b/src/lib/protocols/attic/popo.c
index 4bd040efe..c5b0447df 100644
--- a/src/lib/protocols/attic/popo.c
+++ b/src/lib/protocols/attic/popo.c
@@ -2,7 +2,7 @@
  * popo.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
diff --git a/src/lib/protocols/attic/secondlife.c b/src/lib/protocols/attic/secondlife.c
index d475dc386..487c03597 100644
--- a/src/lib/protocols/attic/secondlife.c
+++ b/src/lib/protocols/attic/secondlife.c
@@ -2,7 +2,7 @@
  * secondlife.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c
index bc993cfe3..c44c723b5 100644
--- a/src/lib/protocols/ayiya.c
+++ b/src/lib/protocols/ayiya.c
@@ -1,7 +1,7 @@
 /*
  * ayiya.c
  *
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -28,8 +28,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_AYIYA
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AYIYA
 
 #include "ndpi_api.h"
@@ -85,5 +83,3 @@ void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/battlefield.c b/src/lib/protocols/battlefield.c
index 23a3749b2..b4ec74cfe 100644
--- a/src/lib/protocols/battlefield.c
+++ b/src/lib/protocols/battlefield.c
@@ -2,7 +2,7 @@
  * battlefield.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_BATTLEFIELD
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BATTLEFIELD
 
 #include "ndpi_api.h"
@@ -126,5 +124,3 @@ void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c
index f7896968b..aaa5730f7 100644
--- a/src/lib/protocols/bgp.c
+++ b/src/lib/protocols/bgp.c
@@ -1,7 +1,7 @@
 /*
  * bgp.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_BGP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BGP
 
 #include "ndpi_api.h"
@@ -67,5 +65,3 @@ void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-
-#endif
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
index fceafc188..ad7de6b42 100644
--- a/src/lib/protocols/bittorrent.c
+++ b/src/lib/protocols/bittorrent.c
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_BITTORRENT
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BITTORRENT
 
 #include "ndpi_api.h"
@@ -503,5 +501,3 @@ void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c
index f9f690308..759f810be 100644
--- a/src/lib/protocols/bjnp.c
+++ b/src/lib/protocols/bjnp.c
@@ -1,16 +1,14 @@
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_BJNP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BJNP
 
 #include "ndpi_api.h"
 
 static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
 					    struct ndpi_flow_struct *flow,
-					    u_int8_t due_to_correlation)
-{
-  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BJNP, NDPI_PROTOCOL_UNKNOWN);
+					 u_int8_t due_to_correlation) {
+  ndpi_set_detected_protocol(ndpi_struct, flow,
+			     NDPI_PROTOCOL_BJNP, NDPI_PROTOCOL_UNKNOWN);
 }
 
 
@@ -61,7 +59,3 @@ void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-
-
-#endif
diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c
index ac456f364..5992c1b28 100644
--- a/src/lib/protocols/btlib.c
+++ b/src/lib/protocols/btlib.c
@@ -1,7 +1,7 @@
 /*
  * btlib.c
  *
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *               Contributed by Vitaly Lavrov <vel21ripn@gmail.com>
  *
  * This file is part of nDPI, an open source deep packet inspection
@@ -22,6 +22,8 @@
  *
  */
 
+#include "ndpi_api.h"
+
 #ifndef NDPI_NO_STD_INC
 #include <stdlib.h>
 #include <stdio.h>
diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c
index 81ac543b6..991885fce 100644
--- a/src/lib/protocols/checkmk.c
+++ b/src/lib/protocols/checkmk.c
@@ -1,7 +1,7 @@
 /*
  * checkmk.c
  *
- * Copyright (C) 2011-17 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_CHECKMK
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CHECKMK
 
 #include "ndpi_api.h"
@@ -82,6 +80,3 @@ void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-
-#endif
diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c
index e04fba936..d98f91e02 100644
--- a/src/lib/protocols/ciscovpn.c
+++ b/src/lib/protocols/ciscovpn.c
@@ -6,8 +6,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_CISCOVPN
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CISCOVPN
 
 #include "ndpi_api.h"
@@ -84,5 +82,3 @@ void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c
index 7d6406bff..89e520815 100644
--- a/src/lib/protocols/citrix.c
+++ b/src/lib/protocols/citrix.c
@@ -1,7 +1,7 @@
 /*
  * citrix.c
  *
- * Copyright (C) 2012-15 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_CITRIX
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CITRIX
 
 #include "ndpi_api.h"
@@ -95,5 +93,3 @@ void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c
index 288d15f23..5ac8cb80e 100644
--- a/src/lib/protocols/coap.c
+++ b/src/lib/protocols/coap.c
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_COAP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COAP
 
 #include "ndpi_api.h"
@@ -163,5 +161,3 @@ void init_coap_dissector (struct ndpi_detection_module_struct *ndpi_struct,
   *id +=1;
 }
 
-
-#endif // NDPI_PROTOCOL_COAP
diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c
index 2d4a06bb3..6f96871ea 100644
--- a/src/lib/protocols/collectd.c
+++ b/src/lib/protocols/collectd.c
@@ -1,7 +1,7 @@
 /*
  * collectd.c
  *
- * Copyright (C) 2014 - ntop.org
+ * Copyright (C) 2014-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -21,8 +21,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_COLLECTD
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COLLECTD
 
 #include "ndpi_api.h"
@@ -54,5 +52,3 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, stru
     NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
   }
 }
-
-#endif
diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c
index 94e9f324a..ffb12fec1 100644
--- a/src/lib/protocols/corba.c
+++ b/src/lib/protocols/corba.c
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_CORBA
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CORBA
 
 #include "ndpi_api.h"
@@ -60,4 +58,3 @@ void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-#endif
diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c
index ea1dce66a..03f3b4264 100644
--- a/src/lib/protocols/crossfire.c
+++ b/src/lib/protocols/crossfire.c
@@ -1,7 +1,7 @@
 /*
  * crossfire.c
  *
- * Copyright (C) 2012-15 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_CROSSFIRE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CROSSFIRE
 
 #include "ndpi_api.h"
@@ -88,5 +86,3 @@ void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c
index 3bf0b4fe9..7f4479419 100644
--- a/src/lib/protocols/csgo.c
+++ b/src/lib/protocols/csgo.c
@@ -22,8 +22,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_CSGO
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CSGO
 
 #include "ndpi_api.h"
@@ -122,5 +120,3 @@ void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c
index 3aef077cd..ae1266a01 100644
--- a/src/lib/protocols/dcerpc.c
+++ b/src/lib/protocols/dcerpc.c
@@ -1,7 +1,7 @@
 /*
  * dcerpc.c
  *
- * Copyright (C) 2011-13 by ntop.org
+ * Copyright (C) 2011-18 by ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DCERPC
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DCERPC
 
 #include "ndpi_api.h"
@@ -69,4 +67,3 @@ void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c
index 6ac07e832..52415946b 100644
--- a/src/lib/protocols/dhcp.c
+++ b/src/lib/protocols/dhcp.c
@@ -1,7 +1,7 @@
 /*
  * dhcp.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DHCP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCP
 
 #include "ndpi_api.h"
@@ -166,5 +164,3 @@ void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c
index 98ed08cda..77be89e40 100644
--- a/src/lib/protocols/dhcpv6.c
+++ b/src/lib/protocols/dhcpv6.c
@@ -2,7 +2,7 @@
  * dhcpv6.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DHCPV6
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCPV6
 
 #include "ndpi_api.h"
@@ -68,5 +66,3 @@ void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c
index 24317f498..7fb443c34 100644
--- a/src/lib/protocols/diameter.c
+++ b/src/lib/protocols/diameter.c
@@ -1,8 +1,7 @@
 /*
- * aimini.c
+ * diameter.c
  *
  * Copyright (C) 2018 - ntop.org
- * Written by Michele Campus - <campus@ntop.org>
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -19,22 +18,22 @@
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
+ * Based on code of:
+ * Michele Campus - <campus@ntop.org>
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DIAMETER
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIAMETER
 
 #include "ndpi_api.h"
 
 
 // Header Flags possibile values
-#define REQUEST   0X80
-#define PROXYABLE 0X40
-#define ERROR     0X20
-#define RETRASM   0X10
+#define DIAMETER_REQUEST   0X80
+#define DIAMETER_PROXYABLE 0X40
+#define DIAMETER_ERROR     0X20
+#define DIAMETER_RETRASM   0X10
 
 typedef enum {
     AC = 271,
@@ -73,10 +72,10 @@ int is_diameter(struct ndpi_packet_struct *packet, int size_payload)
 
   // check if the packet is diameter
   if(diameter->version == 0x01 &&
-     (diameter->flags == REQUEST ||
-      diameter->flags == PROXYABLE ||
-      diameter->flags == ERROR ||
-      diameter->flags == RETRASM)) {
+     (diameter->flags == DIAMETER_REQUEST ||
+      diameter->flags == DIAMETER_PROXYABLE ||
+      diameter->flags == DIAMETER_ERROR ||
+      diameter->flags == DIAMETER_RETRASM)) {
 
     u_int16_t com_code = diameter->com_code[2] + (diameter->com_code[1] << 8) + (diameter->com_code[0] << 8);
     
@@ -128,5 +127,3 @@ void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
   *id += 1;
 }
 
-#endif /* NDPI_PROTOCOL_DIAMETER */
-
diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c
index 725e53348..5088685e4 100644
--- a/src/lib/protocols/directconnect.c
+++ b/src/lib/protocols/directconnect.c
@@ -2,7 +2,7 @@
  * directconnect.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DIRECTCONNECT
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECTCONNECT
 
 #include "ndpi_api.h"
@@ -80,8 +78,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s
 						  const u_int8_t connection_type)
 {
 
-  struct ndpi_packet_struct *packet = &flow->packet;
-	
+  struct ndpi_packet_struct *packet = &flow->packet;	
   struct ndpi_id_struct *src = flow->src;
   struct ndpi_id_struct *dst = flow->dst;
 
@@ -446,5 +443,3 @@ void init_directconnect_dissector(struct ndpi_detection_module_struct *ndpi_stru
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c
index 0a4d528f2..cd8243786 100644
--- a/src/lib/protocols/directdownloadlink.c
+++ b/src/lib/protocols/directdownloadlink.c
@@ -2,7 +2,7 @@
  * directdownloadlink.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-14svn - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK
 
 #include "ndpi_api.h"
@@ -731,4 +729,4 @@ void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi
 
   *id += 1;
 }
-#endif
+
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 7b56c3c02..90be9544c 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -1,7 +1,7 @@
 /*
  * dns.c
  *
- * Copyright (C) 2012-16 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DNS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNS
 
 #include "ndpi_api.h"
@@ -209,12 +207,16 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
       flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries,
 	flow->protos.dns.num_answers = (u_int8_t) (dns_header.num_answers + dns_header.authority_rrs + dns_header.additional_rrs);
 
-      if(j > 0)
+      if(j > 0) {
+	ndpi_protocol_match_result ret_match;
+	
 	ndpi_match_host_subprotocol(ndpi_struct, flow, 
 				    (char *)flow->host_server_name,
 				    strlen((const char*)flow->host_server_name),
+				    &ret_match,
 				    NDPI_PROTOCOL_DNS);
-
+      }
+      
 #ifdef DNS_DEBUG
       NDPI_LOG_DBG2(ndpi_struct, "[num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n",
 	     flow->protos.dns.num_queries, flow->protos.dns.num_answers,
@@ -247,5 +249,3 @@ void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c
index baed6c262..997f999a0 100644
--- a/src/lib/protocols/dofus.c
+++ b/src/lib/protocols/dofus.c
@@ -2,7 +2,7 @@
  * dofus.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DOFUS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DOFUS
 
 #include "ndpi_api.h"
@@ -151,4 +149,4 @@ void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-#endif
+
diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c
index 72d708d13..7dc24ffcc 100644
--- a/src/lib/protocols/drda.c
+++ b/src/lib/protocols/drda.c
@@ -1,7 +1,7 @@
 /*
  * drda.c
  *
- * Copyright (C) 2012-16 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -19,8 +19,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DRDA
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DRDA
 
 #include "ndpi_api.h"
@@ -103,5 +101,3 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 
   *id += 1;
 }
-
-#endif /* NDPI_PROTOCOL_DRDA */
diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c
index 6e8a2dcb0..39bb96ff2 100644
--- a/src/lib/protocols/dropbox.c
+++ b/src/lib/protocols/dropbox.c
@@ -1,7 +1,7 @@
 /*
  * dropbox.c
  *
- * Copyright (C) 2012-16 by ntop.org
+ * Copyright (C) 2012-18 by ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_DROPBOX
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DROPBOX
 
 #include "ndpi_api.h"
@@ -50,14 +48,24 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct,
   if(packet->udp != NULL) {
     u_int16_t dropbox_port = htons(DB_LSP_PORT);
 
-    if((packet->udp->source == dropbox_port)
-       && (packet->udp->dest == dropbox_port)) {
-      if(payload_len > 2) {
-	if(strncmp((const char *)packet->payload, "{\"host_int\"", 11) == 0) {
-	  
-	  NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
-	  ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
-	  return;
+    if(packet->udp->dest == dropbox_port) {    
+      if(packet->udp->source == dropbox_port) {	
+	if(payload_len > 10) {
+	  if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) {
+	    
+	    NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
+	    ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
+	    return;
+	  }
+	}
+      } else {
+	if(payload_len > 10) {
+	  if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) {
+	    
+	    NDPI_LOG_INFO(ndpi_struct, "found dropbox\n");
+	    ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0);
+	    return;
+	  }
 	}
       }
     }
@@ -91,7 +99,3 @@ void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-
-
-#endif
diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c
index 3929b4ef6..8768cac6f 100644
--- a/src/lib/protocols/eaq.c
+++ b/src/lib/protocols/eaq.c
@@ -1,7 +1,7 @@
 /*
  * eaq.c
  *
- * Copyright (C) 2015 - ntop.org
+ * Copyright (C) 2015-18 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -27,8 +27,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_EAQ
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EAQ
 
 #include "ndpi_api.h"
@@ -55,12 +53,15 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd
       
     if(packet->udp != NULL) {
       u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3];
-      
+
       if(flow->l4.udp.eaq_pkt_id == 0)
         flow->l4.udp.eaq_sequence = seq;
       else {
         if( (flow->l4.udp.eaq_sequence != seq) &&
-	    ((flow->l4.udp.eaq_sequence+1) != seq)) break;
+	    ((flow->l4.udp.eaq_sequence+1) != seq))
+	  break;
+	else
+	  flow->l4.udp.eaq_sequence = seq;
       }
 
       if(++flow->l4.udp.eaq_pkt_id == 4) {
@@ -68,7 +69,8 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd
         NDPI_LOG_INFO(ndpi_struct, "found eaq\n");
         ndpi_int_eaq_add_connection(ndpi_struct, flow);
         return;
-      }
+      } else
+	return;
     }
   } while(0);
 
@@ -88,5 +90,3 @@ void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c
index 34276bbcb..547bafc5f 100644
--- a/src/lib/protocols/edonkey.c
+++ b/src/lib/protocols/edonkey.c
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_EDONKEY
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EDONKEY
 
 #include "ndpi_api.h"
@@ -37,123 +35,122 @@ static void ndpi_int_edonkey_add_connection(struct ndpi_detection_module_struct
 }
 
 static int ndpi_edonkey_payload_check(const u_int8_t *data, u_int32_t len) {
+  if((len >= 4) && (data[0] == 0xe3) && (data[2] == 0x00) && (data[3] == 0x00))
+    return 1;
   
-  if ((len >= 4) && (data[0] == 0xe3) && (data[2] == 0x00) && (data[3] == 0x00))
-	return 1;
-  
-  if ((len >= 4) && (data[0] == 0xc5) && (data[2] == 0x00) && (data[3] == 0x00))
-	return 1;  
+  if((len >= 4) && (data[0] == 0xc5) && (data[2] == 0x00) && (data[3] == 0x00))
+    return 1;  
   
-  if ((len >= 2) && (data[0] == 0xe5) && (data[1] == 0x43))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe5) && (data[1] == 0x43))
+    return 1;
   
-  if ((len >= 4) && (data[0] == 0xe5) && (data[1] == 0x08) && (data[2] == 0x78) && (data[3] == 0xda))
-	return 1;
+  if((len >= 4) && (data[0] == 0xe5) && (data[1] == 0x08) && (data[2] == 0x78) && (data[3] == 0xda))
+    return 1;
 
-  if ((len >= 4) && (data[0] == 0xe5) && (data[1] == 0x28) && (data[2] == 0x78) && (data[3] == 0xda))
-	return 1;
+  if((len >= 4) && (data[0] == 0xe5) && (data[1] == 0x28) && (data[2] == 0x78) && (data[3] == 0xda))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xc5) && (data[1] == 0x90))
-	return 1;
+  if((len >= 2) && (data[0] == 0xc5) && (data[1] == 0x90))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xc5) && (data[1] == 0x91))
-	return 1;
+  if((len >= 2) && (data[0] == 0xc5) && (data[1] == 0x91))
+    return 1;
 
-  if ((len == 2) && (data[0] == 0xc5) && (data[1] == 0x92))
-	return 1;
+  if((len == 2) && (data[0] == 0xc5) && (data[1] == 0x92))
+    return 1;
 
-  if ((len == 2) && (data[0] == 0xc5) && (data[1] == 0x93))
-	return 1;
+  if((len == 2) && (data[0] == 0xc5) && (data[1] == 0x93))
+    return 1;
 
-  if ((len >= 38 && len <= 70) && (data[0] == 0xc5) && (data[1] == 0x94))
-	return 1;
+  if((len >= 38 && len <= 70) && (data[0] == 0xc5) && (data[1] == 0x94))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x9a))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x9a))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x9b))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x9b))
+    return 1;
 
-  if ((len == 6) && (data[0] == 0xe3) && (data[1] == 0x96))
-	return 1;
+  if((len == 6) && (data[0] == 0xe3) && (data[1] == 0x96))
+    return 1;
 
-  if ((len <= 34 && ((len - 2) % 4 == 0)) && (data[0] == 0xe3) && (data[1] == 0x97))
-	return 1;
+  if((len <= 34 && ((len - 2) % 4 == 0)) && (data[0] == 0xe3) && (data[1] == 0x97))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x92))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x92))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x94))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x94))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x98))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x98))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x99))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0x99))
+    return 1;
 
-  if ((len == 6) && (data[0] == 0xe3) && (data[1] == 0xa2))
-	return 1;
+  if((len == 6) && (data[0] == 0xe3) && (data[1] == 0xa2))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xe3) && (data[1] == 0xa3))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe3) && (data[1] == 0xa3))
+    return 1;
 
-  if ((len == 27) && (data[0] == 0xe4) && (data[1] == 0x00))
-	return 1;
+  if((len == 27) && (data[0] == 0xe4) && (data[1] == 0x00))
+    return 1;
 
-  if ((len == 529) && (data[0] == 0xe4) && (data[1] == 0x08))
-	return 1;
+  if((len == 529) && (data[0] == 0xe4) && (data[1] == 0x08))
+    return 1;
 
-  if ((len == 18) && (data[0] == 0xe4) && (data[1] == 0x01) && (data[2] == 0x00) && (data[3] == 0x00))
-	return 1;
+  if((len == 18) && (data[0] == 0xe4) && (data[1] == 0x01) && (data[2] == 0x00) && (data[3] == 0x00))
+    return 1;
 
-  if ((len == 523) && (data[0] == 0xe4) && (data[1] == 0x09))
-	return 1;
+  if((len == 523) && (data[0] == 0xe4) && (data[1] == 0x09))
+    return 1;
 
-  if ((len == 35) && (data[0] == 0xe4) && (data[1] == 0x21))
-	return 1;
+  if((len == 35) && (data[0] == 0xe4) && (data[1] == 0x21))
+    return 1;
 
-  if ((len == 19) && (data[0] == 0xe4) && (data[1] == 0x4b))
-	return 1;
+  if((len == 19) && (data[0] == 0xe4) && (data[1] == 0x4b))
+    return 1;
 
-  if ((len >= 2) && (data[0] == 0xe4) && (data[1] == 0x11))
-	return 1;
+  if((len >= 2) && (data[0] == 0xe4) && (data[1] == 0x11))
+    return 1;
 
-  if ((len == 22 || len == 38 || len == 28) && (data[0] == 0xe4) && (data[1] == 0x19))
-	return 1;
+  if((len == 22 || len == 38 || len == 28) && (data[0] == 0xe4) && (data[1] == 0x19))
+    return 1;
 
-  if ((len == 35) && (data[0] == 0xe4) && (data[1] == 0x20))
-	return 1;
+  if((len == 35) && (data[0] == 0xe4) && (data[1] == 0x20))
+    return 1;
 
-  if ((len == 27) && (data[0] == 0xe4) && (data[1] == 0x18))
-	return 1;
+  if((len == 27) && (data[0] == 0xe4) && (data[1] == 0x18))
+    return 1;
 
-  if ((len == 27) && (data[0] == 0xe4) && (data[1] == 0x10))
-	return 1;
+  if((len == 27) && (data[0] == 0xe4) && (data[1] == 0x10))
+    return 1;
 
-  if ((len == 6) && (data[0] == 0xe4) && (data[1] == 0x58))
-	return 1;
+  if((len == 6) && (data[0] == 0xe4) && (data[1] == 0x58))
+    return 1;
 
-  if ((len == 4) && (data[0] == 0xe4) && (data[1] == 0x50))
-	return 1;
+  if((len == 4) && (data[0] == 0xe4) && (data[1] == 0x50))
+    return 1;
 
-  if ((len == 36) && (data[0] == 0xe4) && (data[1] == 0x52))
-	return 1;
+  if((len == 36) && (data[0] == 0xe4) && (data[1] == 0x52))
+    return 1;
 
-  if ((len == 48) && (data[0] == 0xe4) && (data[1] == 0x40))
-	return 1;
+  if((len == 48) && (data[0] == 0xe4) && (data[1] == 0x40))
+    return 1;
 
-  if ((len == 225) && (data[0] == 0xe4) && (data[1] == 0x43))
-	return 1;
+  if((len == 225) && (data[0] == 0xe4) && (data[1] == 0x43))
+    return 1;
 
-  if ((len == 19) && (data[0] == 0xe4) && (data[1] == 0x48))
-	return 1;
+  if((len == 19) && (data[0] == 0xe4) && (data[1] == 0x48))
+    return 1;
 
-  if ((len == 119 || len == 69 || len == 294) && (data[0] == 0xe4) && (data[1] == 0x29))
-	return 1;
+  if((len == 119 || len == 69 || len == 294) && (data[0] == 0xe4) && (data[1] == 0x29))
+    return 1;
 
-  if ((len == 119 || len == 69 || len == 294 || len == 44 || len == 269) && (data[0] == 0xe4) && (data[1] == 0x28))
-	return 1;
+  if((len == 119 || len == 69 || len == 294 || len == 44 || len == 269) && (data[0] == 0xe4) && (data[1] == 0x28))
+    return 1;
 
   return 0;
 }
@@ -161,18 +158,20 @@ static int ndpi_edonkey_payload_check(const u_int8_t *data, u_int32_t len) {
 static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &flow->packet;
   u_int32_t payload_len = packet->payload_packet_len;
-
+ 
   /* Break after 20 packets. */
-  if (flow->packet_counter > 20) {
+  if(flow->packet_counter > 20) {
     NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
     return;
   }
 
+  if(payload_len == 0) return;
+    
   /* Check if we so far detected the protocol in the request or not. */
-  if (flow->edonkey_stage == 0) {
+  if(flow->edonkey_stage == 0) {
     NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage 0: \n");
 
-    if (ndpi_edonkey_payload_check(packet->payload, payload_len)) {
+    if(ndpi_edonkey_payload_check(packet->payload, payload_len)) {
       NDPI_LOG_DBG2(ndpi_struct, "Possible EDONKEY request detected, we will look further for the response\n");
 
       /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */
@@ -183,12 +182,12 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct,
     NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage %u: \n", flow->edonkey_stage);
 
     /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */
-    if ((flow->edonkey_stage - packet->packet_direction) == 1) {
+    if((flow->edonkey_stage - packet->packet_direction) == 1) {
       return;
     }
 
     /* This is a packet in another direction. Check if we find the proper response. */
-    if ((payload_len == 0) || (ndpi_edonkey_payload_check(packet->payload, payload_len))) {
+    if((payload_len == 0) || (ndpi_edonkey_payload_check(packet->payload, payload_len))) {
       NDPI_LOG_INFO(ndpi_struct, "found EDONKEY\n");
       ndpi_int_edonkey_add_connection(ndpi_struct, flow);
     } else {
@@ -205,8 +204,8 @@ void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struc
   NDPI_LOG_DBG(ndpi_struct, "search EDONKEY\n");
 
   /* skip marked packets */
-  if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_EDONKEY) {
-    if (packet->tcp_retransmission == 0) {
+  if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_EDONKEY) {
+    if(packet->tcp_retransmission == 0) {
       ndpi_check_edonkey(ndpi_struct, flow);
     }
   }
@@ -225,4 +224,3 @@ void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c
index 016a15621..074468558 100644
--- a/src/lib/protocols/fasttrack.c
+++ b/src/lib/protocols/fasttrack.c
@@ -2,7 +2,7 @@
  * fasttrack.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_FASTTRACK
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FASTTRACK
 
 #include "ndpi_api.h"
@@ -94,5 +92,3 @@ void init_fasttrack_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c
index 31acd0c9a..6c818e3c7 100644
--- a/src/lib/protocols/fbzero.c
+++ b/src/lib/protocols/fbzero.c
@@ -22,8 +22,6 @@
 
 /* https://code.facebook.com/posts/608854979307125/building-zero-protocol-for-fast-secure-mobile-connections/ */
 
-#ifdef NDPI_PROTOCOL_FBZERO
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FBZERO
 
 #include "ndpi_api.h"
@@ -86,7 +84,8 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct,
 	 && (t->tag[2] == 'I') && (t->tag[3] == '\0')) {
 	char *value = (char*)&packet->payload[data_offset + data_prev_offset];
 	u_int tag_len = t->tag_offset_len-data_prev_offset, max_len;
-
+	ndpi_protocol_match_result ret_match;
+	
 	max_len = ndpi_min(tag_len, sizeof(flow->host_server_name)-1);
 
 	strncpy((char*)flow->host_server_name, value, max_len);
@@ -101,6 +100,7 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct,
 	  
 	ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name,
 				    strlen((const char *)flow->host_server_name),
+				    &ret_match,
 				    NDPI_PROTOCOL_FBZERO);
 	return;
       }
@@ -129,4 +129,3 @@ void init_fbzero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c
index 9a9c78852..dc7a86fd4 100644
--- a/src/lib/protocols/fiesta.c
+++ b/src/lib/protocols/fiesta.c
@@ -2,7 +2,7 @@
  * fiesta.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_FIESTA
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIESTA
 
 #include "ndpi_api.h"
@@ -105,4 +103,3 @@ void init_fiesta_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-#endif
diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c
index 4f3f9849b..3cc9e070c 100644
--- a/src/lib/protocols/fix.c
+++ b/src/lib/protocols/fix.c
@@ -1,7 +1,7 @@
 /*
  * fix.c
  *
- * Copyright (C) 2017 - ntop.org
+ * Copyright (C) 2017-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_FIX
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIX
 
 #include "ndpi_api.h"
@@ -75,6 +73,3 @@ void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-
-#endif
diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c
index 217874a6a..cca63485f 100644
--- a/src/lib/protocols/florensia.c
+++ b/src/lib/protocols/florensia.c
@@ -2,7 +2,7 @@
  * florensia.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_FLORENSIA
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FLORENSIA
 
 #include "ndpi_api.h"
@@ -129,5 +127,3 @@ void init_florensia_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index f23476db0..893f83d68 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -1,7 +1,7 @@
 /*
  * ftp_control.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_FTP_CONTROL
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_CONTROL
 
 #include "ndpi_api.h"
@@ -1014,5 +1012,3 @@ void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c
index ec1e8d7d8..8d3e6fa8c 100644
--- a/src/lib/protocols/ftp_data.c
+++ b/src/lib/protocols/ftp_data.c
@@ -1,7 +1,7 @@
 /*
  * ftp_data.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  * 
  * The signature is based on the Libprotoident library.
  *
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_FTP_DATA
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_DATA
 
 #include "ndpi_api.h"
@@ -258,5 +256,3 @@ void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c
index 0b4192289..1e358d79b 100644
--- a/src/lib/protocols/git.c
+++ b/src/lib/protocols/git.c
@@ -1,7 +1,7 @@
 /*
  * git.c
  *
- * Copyright (C) 2012-16 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_GIT
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GIT
 
 #include <stdlib.h>
@@ -73,7 +71,6 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct,
 
 /* ***************************************************************** */
 
-
 void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
 			NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
@@ -86,5 +83,3 @@ void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif /* NDPI_PROTOCOL_GIT */
diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c
index 295cfaecd..5bc2980cc 100644
--- a/src/lib/protocols/gnutella.c
+++ b/src/lib/protocols/gnutella.c
@@ -2,7 +2,7 @@
  * gnutella.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_GNUTELLA
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GNUTELLA
 
 #include "ndpi_api.h"
@@ -371,5 +369,3 @@ void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
   *id += 1;
 }
 
-
-#endif
diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c
index 0bdc4d8ee..ffe2b2498 100644
--- a/src/lib/protocols/gtp.c
+++ b/src/lib/protocols/gtp.c
@@ -1,7 +1,7 @@
 /*
  * gtp.c
  *
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  * 
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_GTP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GTP
 
 #include "ndpi_api.h"
@@ -89,5 +87,3 @@ void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c
index 7b6581851..1cf3888cf 100644
--- a/src/lib/protocols/guildwars.c
+++ b/src/lib/protocols/guildwars.c
@@ -2,7 +2,7 @@
  * guildwars.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_GUILDWARS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GUILDWARS
 
 #include "ndpi_api.h"
@@ -78,5 +76,3 @@ void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
     *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c
index 31c353a27..ddbcdadf3 100644
--- a/src/lib/protocols/h323.c
+++ b/src/lib/protocols/h323.c
@@ -1,16 +1,13 @@
 /*
  * h323.c
  *
- * Copyright (C) 2015 ntop.org
+ * Copyright (C) 2015-18 ntop.org
  * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
  *
  */
 
-
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_H323
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_H323
 
 #include "ndpi_api.h"
@@ -115,5 +112,3 @@ void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c
index 5319424fa..446703220 100644
--- a/src/lib/protocols/halflife2_and_mods.c
+++ b/src/lib/protocols/halflife2_and_mods.c
@@ -2,7 +2,7 @@
  * halflife2_and_mods.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_HALFLIFE2
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HALFLIFE2
 
 #include "ndpi_api.h"
@@ -77,5 +75,3 @@ void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c
index de35653ea..fc94aad5f 100644
--- a/src/lib/protocols/hangout.c
+++ b/src/lib/protocols/hangout.c
@@ -1,7 +1,7 @@
 /*
  * hangout.c
  *
- * Copyright (C) 2012-16 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_HANGOUT
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HANGOUT
 
 #include "ndpi_api.h"
@@ -109,4 +107,3 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   *id += 1;
 }
 
-#endif /* NDPI_PROTOCOL_HANGOUT */
diff --git a/src/lib/protocols/hep.c b/src/lib/protocols/hep.c
index 1c7617c88..02a559af8 100644
--- a/src/lib/protocols/hep.c
+++ b/src/lib/protocols/hep.c
@@ -2,7 +2,7 @@
  * hep.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  * Copyright (C) 2011-15 - QXIP BV
  *
  * This file is part of nDPI, an open source deep packet inspection
@@ -26,8 +26,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_HEP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HEP
 
 #include "ndpi_api.h"
@@ -45,16 +43,17 @@ void ndpi_search_hep(struct ndpi_detection_module_struct *ndpi_struct, struct nd
   const u_int8_t *packet_payload = packet->payload;
   u_int32_t payload_len = packet->payload_packet_len;
 
-    NDPI_LOG_DBG(ndpi_struct, "searching HEP\n");
-    if (payload_len > 10) {
-	    if (memcmp(packet_payload, "HEP3", 4) == 0) {
-	      NDPI_LOG_INFO(ndpi_struct, "found HEP3\n");
-	      ndpi_int_hep_add_connection(ndpi_struct, flow);
-	      return;
-	    } 
-    }
+  NDPI_LOG_DBG(ndpi_struct, "searching HEP\n");
+
+  if(payload_len > 10) {
+    if(memcmp(packet_payload, "HEP3", 4) == 0) {
+      NDPI_LOG_INFO(ndpi_struct, "found HEP3\n");
+      ndpi_int_hep_add_connection(ndpi_struct, flow);
+      return;
+    } 
+  }
 
-    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }
 
 
@@ -69,5 +68,3 @@ void init_hep_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index ac5b9d173..09b816129 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -1,7 +1,7 @@
 /*
  * http.c
  *
- * Copyright (C) 2011-17 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,12 +23,10 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_HTTP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP
 
 #include "ndpi_api.h"
-
+#include "lruc.h"
 
 /* global variables used for 1kxun protocol and iqiyi service */
 
@@ -121,7 +119,6 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str
 }
 #endif
 
-#ifdef NDPI_PROTOCOL_TEAMVIEWER
 static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
   struct ndpi_packet_struct *packet = &flow->packet;
@@ -140,10 +137,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n
     ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER);
   }
 }
-#endif
 
-
-#ifdef NDPI_PROTOCOL_RTSP
 static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct
 					 *ndpi_struct, struct ndpi_flow_struct *flow)
 {
@@ -154,7 +148,6 @@ static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct
     ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTSP);
   }
 }
-#endif
 
 static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct,
 			     struct ndpi_flow_struct *flow, char *ua) {
@@ -179,7 +172,8 @@ static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct,
 static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
   if((flow->l4.tcp.http_stage == 0) || (flow->http.url && flow->http_detected)) {
       char *double_col = strchr((char*)flow->host_server_name, ':');
-
+      ndpi_protocol_match_result ret_match;
+      
       if(double_col) double_col[0] = '\0';
 
     /**
@@ -189,6 +183,7 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc
     */
     ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name,
 				strlen((const char *)flow->host_server_name),
+				&ret_match,
 				NDPI_PROTOCOL_HTTP);
   }
 }
@@ -356,12 +351,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 	     packet->host_line.len, packet->host_line.ptr);
 
     /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */
-    if((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
+    if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) {
+      ndpi_protocol_match_result ret_match;
+      
       ndpi_match_host_subprotocol(ndpi_struct, flow,
 				  (char*)packet->host_line.ptr,
 				  packet->host_line.len,
+				  &ret_match,
 				  NDPI_PROTOCOL_HTTP);
-
+    }
+    
     /* Copy result for nDPI apps */
     if(!ndpi_struct->disable_metadata_export) {
       len = ndpi_min(packet->host_line.len, sizeof(flow->host_server_name)-1);
@@ -402,12 +401,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 
     if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
        && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
-       && (packet->http_origin.len > 0))
+       && (packet->http_origin.len > 0)) {
+      ndpi_protocol_match_result ret_match;
+      
       ndpi_match_host_subprotocol(ndpi_struct, flow,
 				  (char *)packet->http_origin.ptr,
 				  packet->http_origin.len,
+				  &ret_match,
 				  NDPI_PROTOCOL_HTTP);
-
+    }
+    
     if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
       if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) {
 	NDPI_LOG_INFO(ndpi_struct, "found HTTP/%s\n", 
@@ -428,34 +431,32 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
   if(packet->accept_line.ptr != NULL) {
     NDPI_LOG_DBG2(ndpi_struct, "Accept line found %.*s\n",
 	     packet->accept_line.len, packet->accept_line.ptr);
-#ifdef NDPI_PROTOCOL_RTSP
-    if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_RTSP) != 0) {
+    if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask,
+					NDPI_PROTOCOL_RTSP) != 0) {
       rtsp_parse_packet_acceptline(ndpi_struct, flow);
     }
-#endif
   }
 
   /* search for line startin with "Icy-MetaData" */
-#ifdef NDPI_CONTENT_CATEGORY_MPEG
-  for (a = 0; a < packet->parsed_lines; a++) {
+    for (a = 0; a < packet->parsed_lines; a++) {
     if(packet->line[a].len > 11 && memcmp(packet->line[a].ptr, "Icy-MetaData", 12) == 0) {
-      NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n");
-      ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_MPEG);
-      return;
-    }
+    NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n");
+    ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_MPEG);
+    return;
+  }
   }
-#ifdef NDPI_CONTENT_CATEGORY_AVI
-#endif
-#endif
 
   if(packet->content_line.ptr != NULL && packet->content_line.len != 0) {
     NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n",
 	     packet->content_line.len, packet->content_line.ptr);
 
-    if((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
+    if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) {
+      ndpi_protocol_match_result ret_match;
+      
       ndpi_match_content_subprotocol(ndpi_struct, flow,
 				     (char*)packet->content_line.ptr, packet->content_line.len,
-				     NDPI_PROTOCOL_HTTP);
+				     &ret_match, NDPI_PROTOCOL_HTTP);
+    }
   }
 }
 
@@ -471,10 +472,8 @@ static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct,
   if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_CATEGORY_AVI) != 0)
     avi_check_http_payload(ndpi_struct, flow);
 #endif
-#ifdef NDPI_PROTOCOL_TEAMVIEWER
-  teamviewer_check_http_payload(ndpi_struct, flow);
-#endif
 
+  teamviewer_check_http_payload(ndpi_struct, flow);
 }
 
 /**
@@ -550,9 +549,8 @@ static void http_bitmask_exclude_other(struct ndpi_flow_struct *flow)
 #ifdef NDPI_CONTENT_CATEGORY_OGG
   NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_OGG);
 #endif
-#ifdef NDPI_PROTOCOL_XBOX
+
   NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX);
-#endif
 }
 
 /*************************************************************************************************/
@@ -615,7 +613,23 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
           <allow-access-from domain="*.speedtest.net" to-ports="8080"/>
           </cross-domain-policy>
         */
+      ookla_found:
         ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN);
+
+	if(ndpi_struct->ookla_cache == NULL)
+	  ndpi_struct->ookla_cache = lruc_new(4*1024, 1024);	 	
+	
+	if(ndpi_struct->ookla_cache != NULL) {
+	  u_int8_t *dummy = (u_int8_t*)ndpi_malloc(sizeof(u_int8_t));
+
+	  if(dummy) {
+	    if(packet->tcp->source == htons(8080))
+	      lruc_set((lruc*)ndpi_struct->ookla_cache, (void*)&packet->iph->saddr, 4, dummy, 1);
+	    else
+	      lruc_set((lruc*)ndpi_struct->ookla_cache, (void*)&packet->iph->daddr, 4, dummy, 1);
+	  }
+	}
+	
         return;
       }
       
@@ -665,9 +679,8 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
 
       /* Check for Ookla */
       if((packet->referer_line.len > 0)
-	      && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) {
-	    ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP);
-	    return;
+	 && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) {
+	goto ookla_found;
       }
 
       /* Check for additional field introduced by Steam */
@@ -784,17 +797,15 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
     
     if((packet->payload_packet_len == 34) && (flow->l4.tcp.http_stage == 1)) {
       if((packet->payload[5] == ' ') && (packet->payload[9] == ' ')) {
-	      ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA);
-	      return;
+	goto ookla_found;
       }
     }
     
     if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) {
        /* This looks like Ookla */
-      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN);
-      return;
+      goto ookla_found;
     } else
-	    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA);    
+      NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA);    
     
     /**
        At first check, if this is for sure a response packet (in another direction. If not, if HTTP is detected do nothing now and return,
@@ -1007,7 +1018,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 #endif
-#ifdef NDPI_PROTOCOL_XBOX
+
   ndpi_set_bitmask_protocol_detection("Xbox", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_XBOX,
 				      ndpi_search_http_tcp,
@@ -1015,8 +1026,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_QQ
+
   ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_QQ,
 				      ndpi_search_http_tcp,
@@ -1024,7 +1034,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
+
 #ifdef NDPI_CONTENT_CATEGORY_AVI
   ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, *id,
 				      NDPI_CONTENT_CATEGORY_AVI,
@@ -1069,7 +1079,4 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   a++;
 
 #endif
-
 }
-
-#endif
diff --git a/src/lib/protocols/http_activesync.c b/src/lib/protocols/http_activesync.c
index 55451f6bf..0bf267290 100644
--- a/src/lib/protocols/http_activesync.c
+++ b/src/lib/protocols/http_activesync.c
@@ -2,7 +2,7 @@
  * http_activesync.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -26,42 +26,39 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_ACTIVESYNC
 
 #include "ndpi_api.h"
 
 static void ndpi_int_activesync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
-  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, NDPI_PROTOCOL_HTTP);
+  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_ACTIVESYNC, NDPI_PROTOCOL_HTTP);
 }
 
 void ndpi_search_activesync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
-	struct ndpi_packet_struct *packet = &flow->packet;
+  struct ndpi_packet_struct *packet = &flow->packet;
 	
-	NDPI_LOG_DBG(ndpi_struct, "search activesync\n");
-	if (packet->tcp != NULL) {
-
-		if (packet->payload_packet_len > 150
-			&& ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0)
-				|| (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) {
-			ndpi_int_activesync_add_connection(ndpi_struct, flow);
-			NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n");
-			return;
-		}
-	}
+  NDPI_LOG_DBG(ndpi_struct, "search activesync\n");
+  if (packet->tcp != NULL) {
 
-	NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    if (packet->payload_packet_len > 150
+	&& ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0)
+	    || (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) {
+      ndpi_int_activesync_add_connection(ndpi_struct, flow);
+      NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n");
+      return;
+    }
+  }
 
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }
 
-
-void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+				    u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
   ndpi_set_bitmask_protocol_detection("HTTP_Application_ActiveSync", ndpi_struct, detection_bitmask, *id,
-				      NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC,
+				      NDPI_PROTOCOL_HTTP_ACTIVESYNC,
 				      ndpi_search_activesync,
 				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
@@ -70,4 +67,3 @@ void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_st
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c
index 7f6e960f1..104a59be4 100644
--- a/src/lib/protocols/iax.c
+++ b/src/lib/protocols/iax.c
@@ -2,7 +2,7 @@
  * iax.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_IAX
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IAX
 
 #include "ndpi_api.h"
@@ -107,5 +105,3 @@ void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c
index 23aca33e9..515d5b572 100644
--- a/src/lib/protocols/icecast.c
+++ b/src/lib/protocols/icecast.c
@@ -2,7 +2,7 @@
  * icecast.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_ICECAST
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ICECAST
 
 #include "ndpi_api.h"
@@ -42,13 +40,13 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s
 
   NDPI_LOG_DBG(ndpi_struct, "search icecast\n");
 
-  if ((packet->payload_packet_len < 500 &&
+  if((packet->payload_packet_len < 500 &&
        packet->payload_packet_len >= 7 && memcmp(packet->payload, "SOURCE ", 7) == 0)
       || flow->l4.tcp.icecast_stage) {
     ndpi_parse_packet_line_info_any(ndpi_struct, flow);
     NDPI_LOG_DBG2(ndpi_struct, "Icecast lines=%d\n", packet->parsed_lines);
     for (i = 0; i < packet->parsed_lines; i++) {
-      if (packet->line[i].ptr != NULL && packet->line[i].len > 4
+      if(packet->line[i].ptr != NULL && packet->line[i].len > 4
 	  && memcmp(packet->line[i].ptr, "ice-", 4) == 0) {
 	NDPI_LOG_INFO(ndpi_struct, "found Icecast\n");
 	ndpi_int_icecast_add_connection(ndpi_struct, flow);
@@ -56,28 +54,30 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s
       }
     }
 
-    if (packet->parsed_lines < 1 && !flow->l4.tcp.icecast_stage) {
+    if(packet->parsed_lines < 1 && !flow->l4.tcp.icecast_stage) {
       flow->l4.tcp.icecast_stage = 1;
       return;
     }
   }
-#ifdef NDPI_PROTOCOL_HTTP
-  if (NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_HTTP)) {
+
+  if(NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_HTTP)) {
     goto icecast_exclude;
   }
-#endif
 
-  if (packet->packet_direction == flow->setup_packet_direction && flow->packet_counter < 10) {
+  if((packet->packet_direction == flow->setup_packet_direction)
+      && (flow->packet_counter < 10)) {
     return;
   }
 
-  if (packet->packet_direction != flow->setup_packet_direction) {
+  if(packet->packet_direction != flow->setup_packet_direction) {
     /* server answer, now test Server for Icecast */
 
     ndpi_parse_packet_line_info(ndpi_struct, flow);
 
-    if (packet->server_line.ptr != NULL && packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast") &&
-	memcmp(packet->server_line.ptr, "Icecast", NDPI_STATICSTRING_LEN("Icecast")) == 0) {
+    if((packet->server_line.ptr != NULL)
+       && (packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast"))
+       &&  memcmp(packet->server_line.ptr, "Icecast",
+		  NDPI_STATICSTRING_LEN("Icecast")) == 0) {
       /* TODO maybe store the previous protocol type as subtype?
        *      e.g. ogg or mpeg
        */
@@ -103,5 +103,3 @@ void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c
index fcf25a758..4f4f2438f 100644
--- a/src/lib/protocols/ipp.c
+++ b/src/lib/protocols/ipp.c
@@ -2,7 +2,7 @@
  * ipp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_IPP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IPP
 
 #include "ndpi_api.h"
@@ -123,5 +121,3 @@ void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c
index 7bdd543c3..12660b528 100644
--- a/src/lib/protocols/irc.c
+++ b/src/lib/protocols/irc.c
@@ -2,7 +2,7 @@
  * irc.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_IRC
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IRC
 
 #include "ndpi_api.h"
@@ -778,8 +776,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
   }
 }
 
-
-void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+			u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
   ndpi_set_bitmask_protocol_detection("IRC", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IRC,
@@ -791,4 +789,3 @@ void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c
index 05950d8c5..3917b8b20 100644
--- a/src/lib/protocols/jabber.c
+++ b/src/lib/protocols/jabber.c
@@ -2,7 +2,7 @@
  * jabber.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNENCRYPTED_JABBER
 
 #include "ndpi_api.h"
@@ -36,10 +34,8 @@ struct jabber_string {
 };
 
 static struct jabber_string jabber_strings[] = {
-#ifdef NDPI_PROTOCOL_TRUPHONE
   { "='im.truphone.com'",     NDPI_PROTOCOL_TRUPHONE },
   { "=\"im.truphone.com\"",   NDPI_PROTOCOL_TRUPHONE },
-#endif
   { NULL, 0 }
 };
 
@@ -289,9 +285,8 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st
 
   NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 
-#ifdef NDPI_PROTOCOL_TRUPHONE
-  ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TRUPHONE,__FILE__,__FUNCTION__,__LINE__);
-#endif
+  ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TRUPHONE,
+			__FILE__,__FUNCTION__,__LINE__);
 }
 
 
@@ -306,4 +301,4 @@ void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-#endif
+
diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c
index 87c1ef061..1869e06db 100644
--- a/src/lib/protocols/kakaotalk_voice.c
+++ b/src/lib/protocols/kakaotalk_voice.c
@@ -1,7 +1,7 @@
 /*
  * kakaotalk_voice.c
  *
- * Copyright (C) 2015 - ntop.org
+ * Copyright (C) 2015-18 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -26,8 +26,6 @@
 */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KAKAOTALK_VOICE
 
 #include "ndpi_api.h"
@@ -66,7 +64,8 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc
 }
 
 
-void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+				    u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
   ndpi_set_bitmask_protocol_detection("KakaoTalk_Voice", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_KAKAOTALK_VOICE,
@@ -77,4 +76,3 @@ void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_st
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 71f4a8636..8b059a1a2 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -2,7 +2,7 @@
  * kerberos.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_KERBEROS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KERBEROS
 
 #include "ndpi_api.h"
@@ -80,4 +78,3 @@ void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c
index 425fd6b1b..4882c7797 100644
--- a/src/lib/protocols/kontiki.c
+++ b/src/lib/protocols/kontiki.c
@@ -2,7 +2,7 @@
  * kontiki.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_KONTIKI
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KONTIKI
 
 #include "ndpi_api.h"
@@ -66,7 +64,8 @@ void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struc
 }
 
 
-void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+			    u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
   ndpi_set_bitmask_protocol_detection("Kontiki", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_KONTIKI,
@@ -78,4 +77,3 @@ void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c
index 4adb7c471..49b1a39d4 100644
--- a/src/lib/protocols/ldap.c
+++ b/src/lib/protocols/ldap.c
@@ -2,7 +2,7 @@
  * ldap.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_LDAP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LDAP
 
 #include "ndpi_api.h"
@@ -104,4 +102,3 @@ void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c
index e507be9f9..7343ca034 100644
--- a/src/lib/protocols/lisp.c
+++ b/src/lib/protocols/lisp.c
@@ -1,12 +1,30 @@
-#include "ndpi_protocol_ids.h"
+/*
+ * list.c
+ *
+ * Copyright (C) 2017-18 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
 
-#ifdef NDPI_PROTOCOL_LISP
+#include "ndpi_protocol_ids.h"
 
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP
 
 #include "ndpi_api.h"
 
-#define LISP_PORT 4341
+#define LISP_PORT  4341
 #define LISP_PORT1 4342
 
 static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
@@ -68,4 +86,3 @@ void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c
index 5750c50cd..d5f8f1310 100644
--- a/src/lib/protocols/lotus_notes.c
+++ b/src/lib/protocols/lotus_notes.c
@@ -1,7 +1,7 @@
 /*
  * lotus_notes.c
  *
- * Copyright (C) 2012-15 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,13 +20,10 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_LOTUS_NOTES
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LOTUS_NOTES
 
 #include "ndpi_api.h"
 
-
 /* ************************************ */
 
 static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, 
@@ -84,4 +81,3 @@ void init_lotus_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c
index 2c3d3d2d7..65341cdc8 100644
--- a/src/lib/protocols/mail_imap.c
+++ b/src/lib/protocols/mail_imap.c
@@ -1,7 +1,7 @@
 /*
  * mail_imap.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MAIL_IMAP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_IMAP
 
 #include "ndpi_api.h"
@@ -48,12 +46,10 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct,
   NDPI_LOG_DBG(ndpi_struct, "search IMAP_IMAP\n");
   
   if (flow->l4.tcp.mail_imap_starttls == 2) {
-#ifdef NDPI_PROTOCOL_SSL
     NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n");
     NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP);
     NDPI_DEL_PROTOCOL_FROM_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL);
     return;
-#endif
   }
 
   if (packet->payload_packet_len >= 4 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) {
@@ -320,5 +316,3 @@ void init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c
index 4f9a6ea5f..83847f1f8 100644
--- a/src/lib/protocols/mail_pop.c
+++ b/src/lib/protocols/mail_pop.c
@@ -2,7 +2,7 @@
  * mail_pop.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MAIL_POP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_POP
 
 #include "ndpi_api.h"
@@ -212,5 +210,3 @@ void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index 252c74ffe..f7fbd337c 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -2,7 +2,7 @@
  * mail_smtp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MAIL_SMTP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_SMTP
 
 #include "ndpi_api.h"
@@ -189,4 +187,3 @@ void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c
index a55c2cc11..e45729b8b 100644
--- a/src/lib/protocols/maplestory.c
+++ b/src/lib/protocols/maplestory.c
@@ -2,7 +2,7 @@
  * maplestory.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MAPLESTORY
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAPLESTORY
 
 #include "ndpi_api.h"
@@ -94,5 +92,3 @@ void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns_proto.c
index 17a6d921d..77bdf4208 100644
--- a/src/lib/protocols/mdns.c
+++ b/src/lib/protocols/mdns_proto.c
@@ -1,7 +1,7 @@
 /*
  * mdns.c
  *
- * Copyright (C) 2016-17 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -22,8 +22,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MDNS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MDNS
 
 #include "ndpi_api.h"
@@ -159,4 +157,3 @@ void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c
index bb317f5d5..e4b694ea6 100644
--- a/src/lib/protocols/megaco.c
+++ b/src/lib/protocols/megaco.c
@@ -2,7 +2,7 @@
  * megaco.c 
  *
  * Copyright (C) 2014 by Gianluca Costa http://www.capanalysis.net
- * Copyright (C) 2012-15 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,14 +20,13 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MEGACO
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MEGACO
 
 #include "ndpi_api.h"
 
 
-void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct,
+			struct ndpi_flow_struct *flow)
 {
   struct ndpi_packet_struct *packet = &flow->packet;
   
@@ -61,4 +60,3 @@ void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-#endif
diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c
new file mode 100644
index 000000000..e9deb5cc9
--- /dev/null
+++ b/src/lib/protocols/memcached.c
@@ -0,0 +1,189 @@
+/*
+ * memcached.c
+ *
+ * Copyright (C) 2009-2011 by ipoque GmbH
+ * Copyright (C) 2011-18 - ntop.org
+ * Copyright (C) 2018 - eGloo Incorporated
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO      NDPI_PROTOCOL_MEMCACHED
+
+#include "ndpi_api.h"
+
+#define MCDC_SET                "set "
+#define MCDC_SET_LEN            (sizeof(MCDC_SET) - 1)
+#define MCDC_ADD                "add "
+#define MCDC_ADD_LEN            (sizeof(MCDC_ADD) - 1)
+#define MCDC_REPLACE            "replace "
+#define MCDC_REPLACE_LEN        (sizeof(MCDC_REPLACE) - 1)
+#define MCDC_APPEND             "append "
+#define MCDC_APPEND_LEN         (sizeof(MCDC_APPEND) - 1)
+#define MCDC_PREPEND            "prepend "
+#define MCDC_PREPEND_LEN        (sizeof(MCDC_PREPEND) - 1)
+#define MCDC_CAS                "cas "
+#define MCDC_CAS_LEN            (sizeof(MCDC_CAS) - 1)
+#define MCDC_GET                "get "
+#define MCDC_GET_LEN            (sizeof(MCDC_GET) - 1)
+#define MCDC_GETS               "gets "
+#define MCDC_GETS_LEN           (sizeof(MCDC_GETS) - 1)
+#define MCDC_DELETE             "delete "
+#define MCDC_DELETE_LEN         (sizeof(MCDC_DELETE) - 1)
+#define MCDC_INCR               "incr "
+#define MCDC_INCR_LEN           (sizeof(MCDC_INCR) - 1)
+#define MCDC_DECR               "decr "
+#define MCDC_DECR_LEN           (sizeof(MCDC_DECR) - 1)
+#define MCDC_TOUCH              "touch "
+#define MCDC_TOUCH_LEN          (sizeof(MCDC_TOUCH) - 1)
+#define MCDC_GAT                "gat "
+#define MCDC_GAT_LEN            (sizeof(MCDC_GAT) - 1)
+#define MCDC_GATS               "gats "
+#define MCDC_GATS_LEN           (sizeof(MCDC_GATS) - 1)
+#define MCDC_STATS              "stats"
+#define MCDC_STATS_LEN          (sizeof(MCDC_STATS) - 1)
+
+#define MCDR_ERROR              "ERROR\r\n"
+#define MCDR_ERROR_LEN          (sizeof(MCDR_ERROR) - 1)
+#define MCDR_CLIENT_ERROR       "CLIENT_ERROR "
+#define MCDR_CLIENT_ERROR_LEN   (sizeof(MCDR_CLIENT_ERROR) - 1)
+#define MCDR_SERVER_ERROR       "SERVER_ERROR "
+#define MCDR_SERVER_ERROR_LEN   (sizeof(MCDR_SERVER_ERROR) - 1)
+#define MCDR_STORED             "STORED\r\n"
+#define MCDR_STORED_LEN         (sizeof(MCDR_STORED) - 1)
+#define MCDR_NOT_STORED         "NOT_STORED\r\n"
+#define MCDR_NOT_STORED_LEN     (sizeof(MCDR_NOT_STORED) - 1)
+#define MCDR_EXISTS             "EXISTS\r\n"
+#define MCDR_EXISTS_LEN         (sizeof(MCDR_EXISTS) - 1)
+#define MCDR_NOT_FOUND          "NOT_FOUND\r\n"
+#define MCDR_NOT_FOUND_LEN      (sizeof(MCDR_NOT_FOUND) - 1)
+#define MCDR_END                "END\r\n"
+#define MCDR_END_LEN            (sizeof(MCDR_END) - 1)
+#define MCDR_DELETED            "DELETED\r\n"
+#define MCDR_DELETED_LEN        (sizeof(MCDR_DELETED) - 1)
+#define MCDR_TOUCHED            "TOUCHED\r\n"
+#define MCDR_TOUCHED_LEN        (sizeof(MCDR_TOUCHED) - 1)
+#define MCDR_STAT               "STAT "
+#define MCDR_STAT_LEN           (sizeof(MCDR_STAT) - 1)
+
+#define MEMCACHED_UDP_HDR_LEN   8
+#define MEMCACHED_MIN_LEN       MCDR_END_LEN
+#define MEMCACHED_MIN_UDP_LEN   (MEMCACHED_MIN_LEN + MEMCACHED_UDP_HDR_LEN)
+
+#define MEMCACHED_MIN_MATCH     2 /* Minimum number of command/responses required */
+
+#define MEMCACHED_MATCH(cr)     memcmp(offset, cr, cr ## _LEN)
+
+static void ndpi_int_memcached_add_connection(struct ndpi_detection_module_struct
+        *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+    NDPI_LOG_INFO(ndpi_struct, "found memcached\n");
+    ndpi_set_detected_protocol(ndpi_struct, flow,
+        NDPI_PROTOCOL_MEMCACHED, NDPI_PROTOCOL_UNKNOWN);
+}
+
+void ndpi_search_memcached(
+        struct ndpi_detection_module_struct *ndpi_struct,
+        struct ndpi_flow_struct *flow)
+{
+    struct ndpi_packet_struct *packet = &flow->packet;
+    const u_int8_t *offset = packet->payload;
+    u_int8_t *matches;
+
+    NDPI_LOG_DBG(ndpi_struct, "search memcached\n");
+
+    if (packet->tcp != NULL) {
+        if (packet->payload_packet_len < MEMCACHED_MIN_LEN) {
+            NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+            return;
+        }
+
+        matches = &flow->l4.tcp.memcached_matches;
+    }
+    else if (packet->udp != NULL) {
+        if (packet->payload_packet_len < MEMCACHED_MIN_UDP_LEN) {
+            NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+            return;
+        }
+
+        if ((offset[4] == 0x00 && offset[5] == 0x00) ||
+                offset[6] != 0x00 || offset[7] != 0x00) {
+            NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+            return;
+        }
+
+        offset += MEMCACHED_UDP_HDR_LEN;
+        matches = &flow->l4.udp.memcached_matches;
+    }
+    else {
+        NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+        return;
+    }
+
+    /* grep MCD memcached.c |\
+     *  egrep -v '(LEN|MATCH)' |\
+     *  sed -e 's/^#define //g' |\
+     *  awk '{ printf "else if (! MEMCACHED_MATCH(%s)) *matches += 1;\n",$1 }' */
+
+    if (! MEMCACHED_MATCH(MCDC_SET)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_ADD)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_REPLACE)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_APPEND)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_PREPEND)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_CAS)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_GET)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_GETS)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_DELETE)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_INCR)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_DECR)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_TOUCH)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_GAT)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_GATS)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDC_STATS)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_ERROR)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_CLIENT_ERROR)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_SERVER_ERROR)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_STORED)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_NOT_STORED)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_EXISTS)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_NOT_FOUND)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_END)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_DELETED)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_TOUCHED)) *matches += 1;
+    else if (! MEMCACHED_MATCH(MCDR_STAT)) *matches += 1;
+
+    if (*matches >= MEMCACHED_MIN_MATCH)
+        ndpi_int_memcached_add_connection(ndpi_struct, flow);
+}
+
+void init_memcached_dissector(
+        struct ndpi_detection_module_struct *ndpi_struct,
+        u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+    ndpi_set_bitmask_protocol_detection("MEMCACHED",
+            ndpi_struct, detection_bitmask, *id,
+            NDPI_PROTOCOL_MEMCACHED,
+            ndpi_search_memcached,
+            NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+            SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+            ADD_TO_DETECTION_BITMASK);
+
+    *id += 1;
+}
diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c
index 69fe33fac..86fadcb63 100644
--- a/src/lib/protocols/mgcp.c
+++ b/src/lib/protocols/mgcp.c
@@ -1,7 +1,7 @@
 /*
  * mgcp.c
  *
- * Copyright (C) 2017 - ntop.org
+ * Copyright (C) 2017-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,14 +23,10 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MGCP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MGCP
 
 #include "ndpi_api.h"
 
-
-
 static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct
 					 *ndpi_struct, struct ndpi_flow_struct *flow)
 {
@@ -93,4 +89,3 @@ void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c
new file mode 100644
index 000000000..ec094e7d3
--- /dev/null
+++ b/src/lib/protocols/mining.c
@@ -0,0 +1,94 @@
+/*
+ * mining.c [Bitcoin, Ethereum, ZCash, Monero]
+ *
+ * Copyright (C) 2018 - ntop.org
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+#include "ndpi_protocol_ids.h"
+
+#include "ndpi_api.h"
+
+void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct,
+			    struct ndpi_flow_struct *flow) {
+  struct ndpi_packet_struct *packet = &flow->packet;
+
+  NDPI_LOG_DBG(ndpi_struct, "search MINING\n");
+
+  /* Check connection over TCP */
+  if(packet->tcp && (packet->payload_packet_len > 10)) {
+
+    if(packet->tcp->source == htons(8333)) {
+      /*
+	Bitcoin
+	
+	bitcoin.magic == 0xf9beb4d9 || bitcoin.magic == 0xfabfb5da
+      */
+      u_int32_t magic = htonl(0xf9beb4d9), magic1 = htonl(0xfabfb5da), *to_match = (u_int32_t*)packet->payload;
+      
+      if((*to_match == magic) || (*to_match == magic1)) {
+	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN);
+      }
+    } if(ndpi_strnstr((const char *)packet->payload, "\"eth1.0\"", packet->payload_packet_len)
+	 || ndpi_strnstr((const char *)packet->payload, "\"worker\"", packet->payload_packet_len)
+	 || ndpi_strnstr((const char *)packet->payload, "\"id\"", packet->payload_packet_len)) {
+      /*
+	Ethereum
+	
+	{"worker": "eth1.0", "jsonrpc": "2.0", "params": ["0x0fccfff9e61a230ff380530c6827caf4759337c6.rig2", "x"], "id": 2, "method": "eth_submitLogin"}
+	{ "id": 2, "jsonrpc":"2.0","result":true}
+	{"worker": "", "jsonrpc": "2.0", "params": [], "id": 3, "method": "eth_getWork"}
+      */
+      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN);
+    } else if(ndpi_strnstr((const char *)packet->payload, "\"method\"", packet->payload_packet_len)
+	      || ndpi_strnstr((const char *)packet->payload, "\"blob\"", packet->payload_packet_len)
+	      || ndpi_strnstr((const char *)packet->payload, "\"id\"", packet->payload_packet_len)) {
+      /*
+	ZCash
+
+	{"method":"login","params":{"login":"4BCeEPhodgPMbPWFN1dPwhWXdRX8q4mhhdZdA1dtSMLTLCEYvAj9QXjXAfF7CugEbmfBhgkqHbdgK9b2wKA6nqRZQCgvCDm.cb2b73415c4faf214035a73b9d947c202342f3bf3bdf632132bd6d7af98cb257.ryzen","pass":"x","agent":"xmr-stak-cpu/1.3.0-1.5.0"},"id":1}
+	{"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"479059546883218","job":{"blob":"0606e89883d205a65d8ee78991838a1cf3ec2ebbc5fb1fa43dec5fa1cd2bee4069212a549cd731000000005a88235653097aa3e97ef2ceef4aee610751a828f9be1a0758a78365fb0a4c8c05","job_id":"722134174127131","target":"dc460300"},"status":"OK"}}
+	{"method":"submit","params":{"id":"479059546883218","job_id":"722134174127131","nonce":"98024001","result":"c9be9381a68d533c059d614d961e0534d7d8785dd5c339c2f9596eb95f320100"},"id":1}
+
+	Monero
+	
+	{"method":"login","params":{"login":"4BCeEPhodgPMbPWFN1dPwhWXdRX8q4mhhdZdA1dtSMLTLCEYvAj9QXjXAfF7CugEbmfBhgkqHbdgK9b2wKA6nqRZQCgvCDm.cb2b73415c4faf214035a73b9d947c202342f3bf3bdf632132bd6d7af98cb257.ryzen","pass":"x","agent":"xmr-stak-cpu/1.3.0-1.5.0"},"id":1}
+	{"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"479059546883218","job":{"blob":"0606e89883d205a65d8ee78991838a1cf3ec2ebbc5fb1fa43dec5fa1cd2bee4069212a549cd731000000005a88235653097aa3e97ef2ceef4aee610751a828f9be1a0758a78365fb0a4c8c05","job_id":"722134174127131","target":"dc460300"},"status":"OK"}}
+	{"method":"submit","params":{"id":"479059546883218","job_id":"722134174127131","nonce":"98024001","result":"c9be9381a68d533c059d614d961e0534d7d8785dd5c339c2f9596eb95f320100"},"id":1}
+      */
+      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN);
+    }
+  }
+
+  ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, __FILE__, __FUNCTION__, __LINE__);
+}
+
+
+void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+			   u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+  ndpi_set_bitmask_protocol_detection("Mining", ndpi_struct, detection_bitmask, *id,
+				      NDPI_PROTOCOL_MINING,
+				      ndpi_search_mining_tcp,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+				      ADD_TO_DETECTION_BITMASK);
+
+  *id += 1;
+}
+
diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c
index 3558bdce7..c1f227565 100644
--- a/src/lib/protocols/mpegts.c
+++ b/src/lib/protocols/mpegts.c
@@ -2,7 +2,7 @@
  * mpegts.c (MPEG Transport Stream)
  *          https://en.wikipedia.org/wiki/MPEG_transport_stream
  *
- * Copyright (C) 2015 - ntop.org
+ * Copyright (C) 2015-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -21,8 +21,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MPEGTS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MPEGTS
 
 #include "ndpi_api.h"
@@ -65,4 +63,3 @@ void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c
index 950dde5d1..45669c03a 100644
--- a/src/lib/protocols/mqtt.c
+++ b/src/lib/protocols/mqtt.c
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MQTT
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MQTT
 
 #include "ndpi_api.h"
@@ -232,7 +230,7 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct,
 			NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT);
 			return;
 		} else {
-			NDPI_LOG_INFO(ndpi_struct, "found Mqtt UNSUBSCRIBE\n",pt);
+			NDPI_LOG_INFO(ndpi_struct, "found Mqtt UNSUBSCRIBE\n");
 			ndpi_int_mqtt_add_connection(ndpi_struct,flow);
 			return;
 		}
@@ -255,5 +253,4 @@ void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,
 	*id +=1;
 }
 
-#endif // NDPI_PROTOCOL_MQTT
 
diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c
index ec090cf00..8ab45ad32 100644
--- a/src/lib/protocols/msn.c
+++ b/src/lib/protocols/msn.c
@@ -2,7 +2,7 @@
  * msn.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,9 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-
-#ifdef NDPI_PROTOCOL_MSN
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSN
 
 #include "ndpi_api.h"
@@ -65,7 +62,6 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
   u_int16_t plen;
   u_int16_t status = 0;
   
-#ifdef NDPI_PROTOCOL_SSL
   if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) {
     
     NDPI_LOG_DBG2(ndpi_struct, "msn ssl ft test\n");
@@ -73,28 +69,32 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
     if(flow->packet_counter < 10) {
       if(flow->packet_counter == 7 && packet->payload_packet_len > 300) {
 	if(memcmp(packet->payload + 24, "MSNSLP", 6) == 0
-	   || (get_u_int32_t(packet->payload, 0) == htonl(0x30000000) && get_u_int32_t(packet->payload, 4) == 0x00000000)) {
+	   || (get_u_int32_t(packet->payload, 0) == htonl(0x30000000)
+	       && get_u_int32_t(packet->payload, 4) == 0x00000000)) {
 	  NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer, ifdef ssl\n");
 	  ndpi_int_msn_add_connection(ndpi_struct, flow);
 	  return;
 	}
       }
-      if(flow->packet_counter >= 5 && flow->packet_counter <= 10 && (get_u_int32_t(packet->payload, 0) == htonl(0x18000000)
-								     && get_u_int32_t(packet->payload, 4) == 0x00000000)) {
+      
+      if(flow->packet_counter >= 5 && flow->packet_counter <= 10
+	 && (get_u_int32_t(packet->payload, 0) == htonl(0x18000000)
+	     && get_u_int32_t(packet->payload, 4) == 0x00000000)) {
 	flow->l4.tcp.msn_ssl_ft++;
 	NDPI_LOG_DBG2(ndpi_struct,
-		 "increased msn ft ssl stage to: %u at packet nr: %u\n", flow->l4.tcp.msn_ssl_ft,
+		      "increased msn ft ssl stage to: %u at packet nr: %u\n",
+		      flow->l4.tcp.msn_ssl_ft,
 		 flow->packet_counter);
 	if (flow->l4.tcp.msn_ssl_ft == 2) {
 	  NDPI_LOG_INFO(ndpi_struct,
 		   "found MSN File Transfer, ifdef ssl 2.\n");
 	  ndpi_int_msn_add_connection(ndpi_struct, flow);
 	}
+
 	return;
       }
     }
   }
-#endif
 
   /* we detect the initial connection only ! */
   /* match: "VER " ..... "CVR" x 0x0d 0x0a
@@ -103,15 +103,17 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
    */
   /* now we have a look at the first packet only. */
   if(flow->packet_counter == 1
-#ifdef NDPI_PROTOCOL_SSL
-      || ((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) && flow->packet_counter <= 3)
-#endif
+      || ((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL)
+	  && flow->packet_counter <= 3)
       ) {
     
     /* this part is working asymmetrically */
-    if(packet->payload_packet_len > 32 && (packet->payload[0] == 0x02 || packet->payload[0] == 0x00)
-       && (ntohl(get_u_int32_t(packet->payload, 8)) == 0x2112a442 || ntohl(get_u_int32_t(packet->payload, 4)) == 0x2112a442)
-       && ((ntohl(get_u_int32_t(packet->payload, 24)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 28)) == 0x72c64bc6)
+    if(packet->payload_packet_len > 32
+       && (packet->payload[0] == 0x02 || packet->payload[0] == 0x00)
+       && (ntohl(get_u_int32_t(packet->payload, 8)) == 0x2112a442
+	   || ntohl(get_u_int32_t(packet->payload, 4)) == 0x2112a442)
+       && ((ntohl(get_u_int32_t(packet->payload, 24)) == 0x000f0004
+	    && ntohl(get_u_int32_t(packet->payload, 28)) == 0x72c64bc6)
 	   || (ntohl(get_u_int32_t(packet->payload, 20)) == 0x000f0004
 	       && ntohl(get_u_int32_t(packet->payload, 24)) == 0x72c64bc6))) {
       NDPI_LOG_INFO(ndpi_struct,
@@ -145,10 +147,9 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
 	}
       }
     }
+
     if(
-#ifdef NDPI_PROTOCOL_HTTP
        packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP ||
-#endif
        ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "GET ") ||
        ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "POST ")) {
       ndpi_parse_packet_line_info(ndpi_struct, flow);
@@ -160,18 +161,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
 	return;
       }
     }
-/* #ifdef NDPI_PROTOCOL_HTTP */
-/*     /\* we have to examine two http packets *\/ */
-/*     if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP) { */
-/*     } */
-/* #endif */
+
     /* not seen this pattern in any trace */
     /* now test for http login, at least 100 a bytes packet */
     if(packet->payload_packet_len > 100) {
       if(
-#ifdef NDPI_PROTOCOL_HTTP
 	  packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP ||
-#endif
 	  memcmp(packet->payload, "POST http://", 12) == 0) {
 	/* scan packet if not already done... */
 	ndpi_parse_packet_line_info(ndpi_struct, flow);
@@ -193,9 +188,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
     /* for this case the asymmetric detection is asym (1) */
     if(packet->payload_packet_len > 400) {
       if((
-#ifdef NDPI_PROTOCOL_HTTP
 	  packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP ||
-#endif
 	  (memcmp(packet->payload, "POST ", 5) == 0))) {
 	u_int16_t c;
 	if(memcmp(&packet->payload[5], "http://", 7) == 0) {
@@ -259,9 +252,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
        && packet->payload_packet_len > 100) {
       /* not necessary to check the length, because this has been done : >400. */
       if(
-#ifdef NDPI_PROTOCOL_HTTP
 	 packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP ||
-#endif
 	 ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "HTTP/1.0 200 OK") ||
 	 ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "HTTP/1.1 200 OK")
 	 ) {
@@ -342,9 +333,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
       packet->payload_packet_len > 100) {
     /* not necessary to check the length, because this has been done : >400. */
     if(
-#ifdef NDPI_PROTOCOL_HTTP
        packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP ||
-#endif
        (memcmp(packet->payload, "HTTP/1.0 200 OK", 15) == 0) ||
        (memcmp(packet->payload, "HTTP/1.1 200 OK", 15) == 0)) {
       
@@ -507,15 +496,9 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd
       /* the detection can switch out the http or the ssl detection. In this case we need not check those protocols */
       // need to do the ceck when protocol == http too (POST /gateway ...)
       if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN
-#ifdef NDPI_PROTOCOL_HTTP
 	 || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP
-#endif
-#ifdef NDPI_PROTOCOL_SSL
 	 || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL
-#endif
-#ifdef NDPI_PROTOCOL_STUN
 	 || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN
-#endif
 	 )
 	ndpi_search_msn_tcp(ndpi_struct, flow);
     } else if (packet->udp != NULL) {
@@ -525,7 +508,8 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 }
 
 
-void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) 
+void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+			u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) 
 {
   
   NDPI_BITMASK_RESET(ndpi_struct->callback_buffer[*id].excluded_protocol_bitmask);
@@ -540,4 +524,3 @@ void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c
index 75507fd52..621ea2b0e 100644
--- a/src/lib/protocols/mssql_tds.c
+++ b/src/lib/protocols/mssql_tds.c
@@ -1,7 +1,7 @@
 /*
  * mssql.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MSSQL_TDS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSSQL_TDS
 
 #include "ndpi_api.h"
@@ -83,5 +81,3 @@ void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c
index d1e695e55..d1602a2fe 100644
--- a/src/lib/protocols/mysql.c
+++ b/src/lib/protocols/mysql.c
@@ -2,7 +2,7 @@
  * mysql.c
  * 
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_MYSQL
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MYSQL
 
 #include "ndpi_api.h"
@@ -85,5 +83,3 @@ void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/nest_log_sink.c b/src/lib/protocols/nest_log_sink.c
new file mode 100644
index 000000000..62e8fa75f
--- /dev/null
+++ b/src/lib/protocols/nest_log_sink.c
@@ -0,0 +1,79 @@
+/*
+ * nest_log_sink.c
+ *
+ * Copyright (C) 2009-2011 by ipoque GmbH
+ * Copyright (C) 2011-18 - ntop.org
+ * Copyright (C) 2018 - eGloo Incorporated
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO      NDPI_PROTOCOL_NEST_LOG_SINK
+
+#include "ndpi_api.h"
+
+#define NEST_LOG_SINK_PORT          11095
+#define NEST_LOG_SINK_MIN_LEN       8
+#define NEST_LOG_SINK_MIN_MATCH     3
+
+void ndpi_search_nest_log_sink(
+        struct ndpi_detection_module_struct *ndpi_struct,
+        struct ndpi_flow_struct *flow)
+{
+    struct ndpi_packet_struct *packet = &flow->packet;
+
+    NDPI_LOG_DBG(ndpi_struct, "search nest_log_sink\n");
+
+    if (packet->payload_packet_len < NEST_LOG_SINK_MIN_LEN) {
+        NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+        return;
+    }
+
+    if (ntohs(packet->tcp->source) != NEST_LOG_SINK_PORT &&
+            ntohs(packet->tcp->dest) != NEST_LOG_SINK_PORT) {
+        NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+        return;
+    }
+
+    if (packet->payload[1] <= 0x02 &&
+            (packet->payload[2] == 0x00 || packet->payload[2] == 0x10) &&
+            packet->payload[3] == 0x13)
+        flow->l4.tcp.nest_log_sink_matches++;
+
+    if (flow->l4.tcp.nest_log_sink_matches == NEST_LOG_SINK_MIN_MATCH) {
+        NDPI_LOG_INFO(ndpi_struct, "found nest_log_sink\n");
+        ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NEST_LOG_SINK, NDPI_PROTOCOL_UNKNOWN);
+    }
+}
+
+void init_nest_log_sink_dissector(
+        struct ndpi_detection_module_struct *ndpi_struct,
+        u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+    ndpi_set_bitmask_protocol_detection("NEST_LOG_SINK",
+            ndpi_struct, detection_bitmask, *id,
+            NDPI_PROTOCOL_NEST_LOG_SINK,
+            ndpi_search_nest_log_sink,
+            NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+            SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+            ADD_TO_DETECTION_BITMASK);
+
+    *id += 1;
+}
diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
index 634284121..925b864ad 100644
--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
@@ -2,7 +2,7 @@
  * netbios.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-17 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_NETBIOS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETBIOS
 
 #include "ndpi_api.h"
@@ -332,9 +330,8 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
 
       NDPI_LOG_DBG2(ndpi_struct, "found netbios port 138 and payload length >= 112 \n");
 
-      if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) {
-
-	NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n");
+      if(packet->payload[0] >= 0x10 && packet->payload[0] <= 0x16) {
+	NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x10,0x11,0x12,0x13,0x14,0x15 or 0x16\n");
 
 	if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) {
 	  NDPI_LOG_INFO(ndpi_struct, "found netbios with checked ip-address\n");
@@ -390,5 +387,3 @@ void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c
index a553e4b6a..23c4bc587 100644
--- a/src/lib/protocols/netflow.c
+++ b/src/lib/protocols/netflow.c
@@ -1,7 +1,7 @@
 /*
  * netflow.c
  *
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_NETFLOW
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETFLOW
 
 #include "ndpi_api.h"
@@ -184,4 +182,3 @@ void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c
index c074b9d3b..c9e3265a5 100644
--- a/src/lib/protocols/nfs.c
+++ b/src/lib/protocols/nfs.c
@@ -2,7 +2,7 @@
  * nfs.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_NFS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NFS
 
 #include "ndpi_api.h"
@@ -101,4 +99,3 @@ void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c
index 8b76f33a6..bbc87a495 100644
--- a/src/lib/protocols/nintendo.c
+++ b/src/lib/protocols/nintendo.c
@@ -1,7 +1,7 @@
 /*
  * nintendo.c
  *
- * Copyright (C) 2017 by ntop.org
+ * Copyright (C) 2017-18 by ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_NINTENDO
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NINTENDO
 
 #include "ndpi_api.h"
@@ -67,4 +65,3 @@ void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c
index 9899b056b..da572b6c0 100644
--- a/src/lib/protocols/noe.c
+++ b/src/lib/protocols/noe.c
@@ -7,8 +7,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_NOE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NOE
 
 #include "ndpi_api.h"
@@ -21,7 +19,8 @@ static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct
   NDPI_LOG_INFO(ndpi_struct, "found noe\n");
 }
 
-void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct,
+		     struct ndpi_flow_struct *flow)
 {
   struct ndpi_packet_struct *packet = &flow->packet;
   
@@ -66,4 +65,3 @@ void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c
index 668a158d7..b7cc4a4d0 100644
--- a/src/lib/protocols/non_tcp_udp.c
+++ b/src/lib/protocols/non_tcp_udp.c
@@ -2,7 +2,7 @@
  * non_tcp_udp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#if defined(NDPI_PROTOCOL_IP_IPSEC) || defined(NDPI_PROTOCOL_IP_GRE) || defined(NDPI_PROTOCOL_IP_ICMP)  || defined(NDPI_PROTOCOL_IP_IGMP) || defined(NDPI_PROTOCOL_IP_EGP) || defined(NDPI_PROTOCOL_IP_SCTP) || defined(NDPI_PROTOCOL_IP_OSPF) || defined(NDPI_PROTOCOL_IP_IP_IN_IP)
-
 #include "ndpi_api.h"
 
 #define set_protocol_and_bmask(nprot)					\
@@ -52,57 +50,46 @@ void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct
   }
 
   switch (packet->l4_protocol) {
-#ifdef NDPI_PROTOCOL_IP_IPSEC
   case NDPI_IPSEC_PROTOCOL_ESP:
   case NDPI_IPSEC_PROTOCOL_AH:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_IPSEC);
     break;
-#endif							/* NDPI_PROTOCOL_IP_IPSEC */
-#ifdef NDPI_PROTOCOL_IP_GRE
+
   case NDPI_GRE_PROTOCOL_TYPE:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_GRE);
     break;
-#endif							/* NDPI_PROTOCOL_IP_GRE */
-#ifdef NDPI_PROTOCOL_IP_ICMP
+
   case NDPI_ICMP_PROTOCOL_TYPE:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_ICMP);
     break;
-#endif							/* NDPI_PROTOCOL_IP_ICMP */
-#ifdef NDPI_PROTOCOL_IP_IGMP
+
   case NDPI_IGMP_PROTOCOL_TYPE:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_IGMP);
     break;
-#endif							/* NDPI_PROTOCOL_IP_IGMP */
-#ifdef NDPI_PROTOCOL_IP_EGP
+
   case NDPI_EGP_PROTOCOL_TYPE:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_EGP);
     break;
-#endif							/* NDPI_PROTOCOL_IP_EGP */
-#ifdef NDPI_PROTOCOL_IP_SCTP
+
   case NDPI_SCTP_PROTOCOL_TYPE:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_SCTP);
     break;
-#endif							/* NDPI_PROTOCOL_IP_SCTP */
-#ifdef NDPI_PROTOCOL_IP_OSPF
+
   case NDPI_OSPF_PROTOCOL_TYPE:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_OSPF);
     break;
-#endif							/* NDPI_PROTOCOL_IP_OSPF */
-#ifdef NDPI_PROTOCOL_IP_IP_IN_IP
+
   case NDPI_IPIP_PROTOCOL_TYPE:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_IP_IN_IP);
     break;
-#endif							/* NDPI_PROTOCOL_IP_IP_IN_IP */
-#ifdef NDPI_PROTOCOL_IP_ICMPV6
+
   case NDPI_ICMPV6_PROTOCOL_TYPE:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_ICMPV6);
     break;
-#endif							/* NDPI_PROTOCOL_IP_ICMPV6 */
-#ifdef NDPI_PROTOCOL_IP_VRRP
+
   case 112:
     set_protocol_and_bmask(NDPI_PROTOCOL_IP_VRRP);
     break;
-#endif							/* NDPI_PROTOCOL_IP_VRRP */
   }
 }
 
@@ -113,7 +100,6 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
   /* always add non tcp/udp if one protocol is compiled in */
   NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[*id].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
 
-#ifdef NDPI_PROTOCOL_IP_IPSEC
   ndpi_set_bitmask_protocol_detection("IP_IPSEC", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_IPSEC,
 				      ndpi_search_in_non_tcp_udp,
@@ -121,8 +107,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_IP_GRE 
+
   ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_GRE,
 				      ndpi_search_in_non_tcp_udp,
@@ -130,8 +115,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_IP_ICMP
+
   ndpi_set_bitmask_protocol_detection("IP_ICMP", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_ICMP,
 				      ndpi_search_in_non_tcp_udp,
@@ -139,8 +123,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_IP_IGMP
+
   ndpi_set_bitmask_protocol_detection("IP_IGMP", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_IGMP,
 				      ndpi_search_in_non_tcp_udp,
@@ -148,8 +131,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_IP_EGP
+
   ndpi_set_bitmask_protocol_detection("IP_EGP", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_EGP,
 				      ndpi_search_in_non_tcp_udp,
@@ -157,8 +139,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_IP_SCTP
+
   ndpi_set_bitmask_protocol_detection("IP_SCTP", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_SCTP,
 				      ndpi_search_in_non_tcp_udp,
@@ -166,8 +147,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_IP_OSPF
+
   ndpi_set_bitmask_protocol_detection("IP_OSPF", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_OSPF,
 				      ndpi_search_in_non_tcp_udp,
@@ -175,8 +155,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_IP_IP_IN_IP
+
   ndpi_set_bitmask_protocol_detection("IP_IP_IN_IP", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_IP_IN_IP,
 				      ndpi_search_in_non_tcp_udp,
@@ -184,8 +163,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-#ifdef NDPI_PROTOCOL_IP_ICMPV6
+
   ndpi_set_bitmask_protocol_detection("IP_ICMPV6", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_IP_ICMPV6,
 				      ndpi_search_in_non_tcp_udp,
@@ -193,8 +171,4 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct
 				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
-#endif
-
 }
-
-#endif
diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c
index 3b8eb3d7d..9290fbfb3 100644
--- a/src/lib/protocols/ntp.c
+++ b/src/lib/protocols/ntp.c
@@ -2,7 +2,7 @@
  * ntp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_NTP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NTP
 
 #include "ndpi_api.h"
@@ -77,4 +75,3 @@ void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c
new file mode 100644
index 000000000..b1eb295a7
--- /dev/null
+++ b/src/lib/protocols/ookla.c
@@ -0,0 +1,66 @@
+/*
+ * ookla.c
+ *
+ * Copyright (C) 2018 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OOKLA
+
+#include "ndpi_api.h"
+#include "lruc.h"
+
+
+void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) {
+  struct ndpi_packet_struct* packet = &flow->packet;
+  u_int32_t addr = 0;
+  void *value;
+  
+  NDPI_LOG_DBG(ndpi_struct, "Ookla detection\n");
+  
+  if(packet->tcp->source == htons(8080))
+    addr = packet->iph->saddr;
+  else if(packet->tcp->dest == htons(8080))
+    addr = packet->iph->daddr;
+  else
+    goto ookla_exclude;
+  
+  if(ndpi_struct->ookla_cache != NULL) {
+    if(lruc_get(ndpi_struct->ookla_cache, &addr, sizeof(addr), &value) == LRUC_NO_ERROR) {
+      /* Don't remove it as it can be used for other connections */
+      NDPI_LOG_INFO(ndpi_struct, "found ookla tcp connection\n");
+      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN);
+      return;
+    }	
+  }
+
+ ookla_exclude:
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);  
+}
+
+void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+			  u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) {
+  ndpi_set_bitmask_protocol_detection("Ookla", ndpi_struct, detection_bitmask, *id,
+				      NDPI_PROTOCOL_OOKLA,
+				      ndpi_search_ookla,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP,
+				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+				      ADD_TO_DETECTION_BITMASK);
+
+  *id += 1;
+}
+
diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c
index d0b50c8a2..30fb1c68f 100644
--- a/src/lib/protocols/openft.c
+++ b/src/lib/protocols/openft.c
@@ -2,7 +2,7 @@
  * openft.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_OPENFT
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFT
 
 #include "ndpi_api.h"
@@ -67,5 +65,3 @@ void init_openft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c
index 6756c173d..6bd480ea1 100644
--- a/src/lib/protocols/openvpn.c
+++ b/src/lib/protocols/openvpn.c
@@ -1,7 +1,7 @@
 /*
  * openvpn.c
  *
- * Copyright (C) 2011-16 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * OpenVPN TCP / UDP Detection - 128/160 hmac
  *
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_OPENVPN
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENVPN
 
 #include "ndpi_api.h"
@@ -135,5 +133,3 @@ void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c
index 5fda78672..6ad6bac4c 100644
--- a/src/lib/protocols/oracle.c
+++ b/src/lib/protocols/oracle.c
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_ORACLE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ORACLE
 
 #include "ndpi_api.h"
@@ -75,5 +73,3 @@ void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c
index 6dec353a5..010a620e9 100644
--- a/src/lib/protocols/oscar.c
+++ b/src/lib/protocols/oscar.c
@@ -2,7 +2,7 @@
  * oscar.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_OSCAR
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OSCAR
 
 #include "ndpi_api.h"
@@ -816,5 +814,3 @@ void init_oscar_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/pando.c b/src/lib/protocols/pando.c
index ccf1ee12d..ece78559d 100644
--- a/src/lib/protocols/pando.c
+++ b/src/lib/protocols/pando.c
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_PANDO
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PANDO
 
 #include "ndpi_api.h"
@@ -167,5 +165,3 @@ void init_pando_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/pcanywhere.c b/src/lib/protocols/pcanywhere.c
index 56b68b567..0d205d5f3 100644
--- a/src/lib/protocols/pcanywhere.c
+++ b/src/lib/protocols/pcanywhere.c
@@ -2,7 +2,7 @@
  * pcanywhere.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_PCANYWHERE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PCANYWHERE
 
 #include "ndpi_api.h"
@@ -67,4 +65,3 @@ void init_pcanywhere_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c
index e23d316e4..089be4e31 100644
--- a/src/lib/protocols/postgres.c
+++ b/src/lib/protocols/postgres.c
@@ -2,7 +2,7 @@
  * postgres.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_POSTGRES
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_POSTGRES
 
 #include "ndpi_api.h"
@@ -131,4 +129,3 @@ void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/pplive.c b/src/lib/protocols/pplive.c
index 6f874d7b6..2e41d64f5 100644
--- a/src/lib/protocols/pplive.c
+++ b/src/lib/protocols/pplive.c
@@ -26,8 +26,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_PPLIVE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPLIVE
 
 #include "ndpi_api.h"
@@ -232,4 +230,3 @@ void init_pplive_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c
index 08d2f8ade..20eb0d428 100644
--- a/src/lib/protocols/ppstream.c
+++ b/src/lib/protocols/ppstream.c
@@ -1,7 +1,7 @@
 /*
  * ppstream.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_PPSTREAM
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPSTREAM
 
 #include "ndpi_api.h"
@@ -237,4 +235,3 @@ void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c
index 9bacdeded..cfe360b5b 100644
--- a/src/lib/protocols/pptp.c
+++ b/src/lib/protocols/pptp.c
@@ -2,7 +2,7 @@
  * pptp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_PPTP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPTP
 
 #include "ndpi_api.h"
@@ -69,5 +67,3 @@ void init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c
index f3b713132..077d385fa 100644
--- a/src/lib/protocols/qq.c
+++ b/src/lib/protocols/qq.c
@@ -2,7 +2,7 @@
  * qq.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_QQ
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QQ
 
 #include "ndpi_api.h"
@@ -636,17 +634,13 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct
       }
     }
   }
-#ifdef NDPI_PROTOCOL_HTTP
+
   if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) {
-#endif							/* NDPI_PROTOCOL_HTTP */
 
     NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QQ);
     NDPI_LOG_DBG(ndpi_struct, "QQ tcp excluded; len %u\n",
 	     packet->payload_packet_len);
-
-#ifdef NDPI_PROTOCOL_HTTP
   }
-#endif							/* NDPI_PROTOCOL_HTTP */
 
 }
 
@@ -674,5 +668,3 @@ void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 6bf5cb0b2..e28db634a 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -3,10 +3,6 @@
  *
  * Copyright (C) 2012-18 - ntop.org
  *
- * Based on code of:
- * Andrea Buscarinu - <andrea.buscarinu@gmail.com>
- * Michele Campus - <campus@ntop.org>
- *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
@@ -20,12 +16,14 @@
  * You should have received a copy of the GNU Lesser General Public License.
  * If not, see <http://www.gnu.org/licenses/>.
  *
+ * Based on code of:
+ * Andrea Buscarinu - <andrea.buscarinu@gmail.com>
+ * Michele Campus - <campus@ntop.org>
+ *
  */
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_QUIC
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUIC
 
 #include "ndpi_api.h"
@@ -109,6 +107,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 	    if((sni_offset+len) < udp_len) {
 	      if(!ndpi_struct->disable_metadata_export) {
 		int max_len = sizeof(flow->host_server_name)-1, j = 0;
+		ndpi_protocol_match_result ret_match;
 		
 		if(len > max_len) len = max_len;
 		
@@ -120,6 +119,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 		ndpi_match_host_subprotocol(ndpi_struct, flow, 
 					    (char *)flow->host_server_name,
 					    strlen((const char*)flow->host_server_name),
+					    &ret_match,
 					    NDPI_PROTOCOL_QUIC);
 	      }
 	    }
@@ -148,5 +148,3 @@ void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 
   *id += 1;
 }
-
-#endif /* NDPI_PROTOCOL_QUIC */
diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c
index e0eb2657b..1c85f48d7 100644
--- a/src/lib/protocols/radius.c
+++ b/src/lib/protocols/radius.c
@@ -1,7 +1,7 @@
 /*
  * radius.c
  *
- * Copyright (C) 2012-15 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_RADIUS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RADIUS
 
 #include "ndpi_api.h"
@@ -79,5 +77,3 @@ void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c
index 9ce692893..bc59ea1fb 100644
--- a/src/lib/protocols/rdp.c
+++ b/src/lib/protocols/rdp.c
@@ -2,7 +2,7 @@
  * rdp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_RDP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RDP
 
 #include "ndpi_api.h"
@@ -69,5 +67,3 @@ void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c
index 4b51908fd..cb1e2e39b 100644
--- a/src/lib/protocols/redis_net.c
+++ b/src/lib/protocols/redis_net.c
@@ -1,7 +1,7 @@
 /*
  * redis.c
  *
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_REDIS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_REDIS
 
 #include "ndpi_api.h"
@@ -103,5 +101,3 @@ void init_redis_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c
index 157b2e0e0..8cc3dd16d 100644
--- a/src/lib/protocols/rsync.c
+++ b/src/lib/protocols/rsync.c
@@ -2,7 +2,7 @@
  * rsync.c
  *
  * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
- * Copyright (C) 2016 ntop.org
+ * Copyright (C) 2016-18 ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -21,8 +21,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_RSYNC
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RSYNC
 
 #include "ndpi_api.h"
@@ -69,5 +67,3 @@ void init_rsync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c
index b924b476d..77903d6cc 100644
--- a/src/lib/protocols/rtcp.c
+++ b/src/lib/protocols/rtcp.c
@@ -6,8 +6,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_RTCP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTCP
 
 #include "ndpi_api.h"
@@ -15,10 +13,12 @@
 static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct
 					 *ndpi_struct, struct ndpi_flow_struct *flow)
 {
-  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, NDPI_PROTOCOL_UNKNOWN);
+  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP,
+			     NDPI_PROTOCOL_UNKNOWN);
 }
 
-void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct,
+		      struct ndpi_flow_struct *flow)
 {
   struct ndpi_packet_struct *packet = &flow->packet;
   u_int16_t dport = 0, sport = 0;
@@ -79,5 +79,3 @@ void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c
index 52492a290..9bf73fecd 100644
--- a/src/lib/protocols/rtmp.c
+++ b/src/lib/protocols/rtmp.c
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_RTMP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTMP
 
 #include "ndpi_api.h"
@@ -105,4 +103,3 @@ void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index 38cd62504..0ccc08594 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -2,7 +2,7 @@
  * rtp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_RTP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTP
 
 #include "ndpi_api.h"
@@ -308,13 +306,12 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
   return;
 
  exclude_rtp:
-#ifdef NDPI_PROTOCOL_STUN
   if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN
       || /* packet->real_protocol_read_only == NDPI_PROTOCOL_STUN */) {
     NDPI_LOG_DBG(ndpi_struct, "STUN: is detected, need next packet\n");
     return;
   }
-#endif							/*  NDPI_PROTOCOL_STUN */
+
   NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }
 
@@ -337,7 +334,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	       "skipping STUN-like, special yahoo packets with payload[0] == 0x90.\n");
       return;
     }
-#ifdef NDPI_PROTOCOL_STUN
+
     /* TODO the rtp detection sometimes doesn't exclude rtp
      * so for TCP flows only run the detection if STUN has been
      * detected (or RTP is already detected)
@@ -360,6 +357,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 	return;
       }
     }
+
     if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && flow->l4.tcp.rtp_special_packets_seen == 1) {
 
       if (packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) + 4 == packet->payload_packet_len) {
@@ -378,15 +376,13 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
     } else {
       NDPI_LOG_DBG(ndpi_struct, "STUN not yet excluded, need next packet\n");
     }
-#else
-    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-#endif
   }
 }
 #endif
 
 
-void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+			u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
   ndpi_set_bitmask_protocol_detection("RTP", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_RTP,
@@ -398,6 +394,3 @@ void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif	   
-/* NDPI_PROTOCOL_RTP */
-
diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c
index e20c53065..9620dd504 100644
--- a/src/lib/protocols/rtsp.c
+++ b/src/lib/protocols/rtsp.c
@@ -2,7 +2,7 @@
  * rtsp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,14 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_RTSP
- #ifndef NDPI_PROTOCOL_RTP
- #error RTSP requires RTP detection to work correctly
- #endif
- #ifndef NDPI_PROTOCOL_RDP
- #error RTSP requires RDP detection to work correctly
- #endif
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTSP
 
 #include "ndpi_api.h"
@@ -56,9 +48,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct
   NDPI_LOG_DBG(ndpi_struct, "search RTSP\n");
 
   if (flow->rtsprdt_stage == 0
-#ifdef NDPI_PROTOCOL_RTCP
       && !(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_RTCP)
-#endif
       ) {
     flow->rtsprdt_stage = 1 + packet->packet_direction;
     NDPI_LOG_DBG2(ndpi_struct, "maybe handshake 1; need next packet, return\n");
@@ -102,9 +92,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct
   }
   if (packet->udp != NULL && packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN
       && ((NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP) == 0)
-#ifdef NDPI_PROTOCOL_RTCP
 	  || (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP) == 0)
-#endif
 	  )) {
     NDPI_LOG_DBG2(ndpi_struct,
 	     "maybe RTSP RTP, RTSP RTCP, RDT; need next packet.\n");
@@ -127,5 +115,3 @@ void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c
index 6eb9bf149..522d9ef5c 100644
--- a/src/lib/protocols/rx.c
+++ b/src/lib/protocols/rx.c
@@ -1,7 +1,7 @@
 /*
  * rx.c
  *
- * Copyright (C) 2012-16 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * Giovanni Mascellani <gio@debian.org>
  *
@@ -25,8 +25,6 @@
 #include "ndpi_protocol_ids.h"
 
 
-#ifdef NDPI_PROTOCOL_RX
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RX
 
 #include "ndpi_api.h"
@@ -227,4 +225,3 @@ void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c
index 75b631abc..cb1acff8d 100644
--- a/src/lib/protocols/sflow.c
+++ b/src/lib/protocols/sflow.c
@@ -1,7 +1,7 @@
 /*
  * sflow.c
  *
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SFLOW
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SFLOW
 
 #include "ndpi_api.h"
@@ -59,4 +57,3 @@ void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c
index 2115c574f..10486c0bd 100644
--- a/src/lib/protocols/shoutcast.c
+++ b/src/lib/protocols/shoutcast.c
@@ -2,7 +2,7 @@
  * shoutcast.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SHOUTCAST
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SHOUTCAST
 
 #include "ndpi_api.h"
@@ -52,9 +50,7 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct
 			return;
 		}
 		if (flow->packet_counter < 3
-#ifdef NDPI_PROTOCOL_HTTP
 			&& packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP
-#endif
 			) {
 			NDPI_LOG_DBG2(ndpi_struct,
 					"http detected, need next packet for shoutcast detection.\n");
@@ -119,4 +115,4 @@ void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-#endif
+
diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c
index 5edd377c6..1436b2cec 100644
--- a/src/lib/protocols/sip.c
+++ b/src/lib/protocols/sip.c
@@ -2,7 +2,7 @@
  * sip.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SIP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SIP
 
 #include "ndpi_api.h"
@@ -59,12 +57,8 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct
       packet_payload += 4;
     }
   }
-#ifndef NDPI_PROTOCOL_YAHOO
-  if (payload_len >= 14 && packet_payload[payload_len - 2] == 0x0d && packet_payload[payload_len - 1] == 0x0a)
-#endif
-#ifdef NDPI_PROTOCOL_YAHOO
-    if (payload_len >= 14)
-#endif
+
+  if (payload_len >= 14)
       {
 
 	if ((memcmp(packet_payload, "NOTIFY ", 7) == 0 || memcmp(packet_payload, "notify ", 7) == 0)
@@ -146,19 +140,18 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct
     NDPI_LOG_DBG2(ndpi_struct, "need next packet\n");
     return;
   }
-#ifdef NDPI_PROTOCOL_STUN
+
   /* for STUN flows we need some more packets */
   if (packet->udp != NULL && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN && flow->packet_counter < 40) {
     NDPI_LOG_DBG2(ndpi_struct, "need next STUN packet\n");
     return;
   }
-#endif
 
   if (payload_len == 4 && get_u_int32_t(packet_payload, 0) == 0) {
     NDPI_LOG_DBG2(ndpi_struct, "maybe sip. need next packet\n");
     return;
   }
-#ifdef NDPI_PROTOCOL_YAHOO
+
   if (payload_len > 30 && packet_payload[0] == 0x90
       && packet_payload[3] == payload_len - 20 && get_u_int32_t(packet_payload, 4) == 0
       && get_u_int32_t(packet_payload, 8) == 0) {
@@ -168,9 +161,8 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct
   if (flow->sip_yahoo_voice && flow->packet_counter < 10) {
     return;
   }
-#endif
-  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }
 
 void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
@@ -200,4 +192,3 @@ void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c
index 0acebf271..5ec54dbdf 100644
--- a/src/lib/protocols/skinny.c
+++ b/src/lib/protocols/skinny.c
@@ -19,8 +19,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SKINNY
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKINNY
 
 #include "ndpi_api.h"
@@ -75,5 +73,3 @@ void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c
index ea571961f..35dcb0161 100644
--- a/src/lib/protocols/skype.c
+++ b/src/lib/protocols/skype.c
@@ -1,7 +1,7 @@
 /*
  * skype.c
  *
- * Copyright (C) 2017 - ntop.org
+ * Copyright (C) 2017-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -19,20 +19,26 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SKYPE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKYPE
 
 #include "ndpi_api.h"
 
+static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
+  //printf("-> payload_len=%u\n", flow->packet.payload_packet_len);
+  
+  NDPI_LOG_INFO(ndpi_struct, "found skype\n");
+  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE);
+}
 
-static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
+static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) {
+  return(((a == c) || (b == c)) ? 1 : 0);
+}
+
+static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &flow->packet;
   // const u_int8_t *packet_payload = packet->payload;
   u_int32_t payload_len = packet->payload_packet_len;
 
-
   if(flow->host_server_name[0] != '\0')
     return;
 
@@ -41,25 +47,33 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s
     flow->l4.udp.skype_packet_id++;
 
     if(flow->l4.udp.skype_packet_id < 5) {
+      u_int16_t sport = ntohs(packet->udp->source);
       u_int16_t dport = ntohs(packet->udp->dest);
 
       /* skype-to-skype */
-      if(dport != 1119) /* It can be confused with battle.net */ {
+      if(is_port(sport, dport, 1119) /* It can be confused with battle.net */
+	 || is_port(sport, dport, 80) /* No HTTP-like protocols UDP/80 */
+	 ) {
+	;
+      } else {
 	if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) ||
 	   ((payload_len >= 16)
 	    && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */
 	    && (packet->payload[2] == 0x02))) {
-	  NDPI_LOG_INFO(ndpi_struct, "found skype\n");
-	  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN);
+	  ndpi_skype_report_protocol(ndpi_struct, flow);
 	}
       }
-      return;
+      
+      // return;
     }
+    
     NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
     return;
-
     // TCP check
-  } else if(packet->tcp != NULL) {
+  } else if((packet->tcp != NULL)
+	    /* As the TCP skype heuristic is weak, we need to make sure no other protocols overlap */
+	    && (flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN)
+	    && (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)) {
     flow->l4.tcp.skype_packet_id++;
 
     if(flow->l4.tcp.skype_packet_id < 3) {
@@ -73,9 +87,9 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s
       if((payload_len == 8) || (payload_len == 3) || (payload_len == 17)) {
 	// printf("[SKYPE] payload_len=%u\n", payload_len);
 	/* printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); */
-
+	
 	NDPI_LOG_INFO(ndpi_struct, "found skype\n");
-	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN);
+	ndpi_skype_report_protocol(ndpi_struct, flow);
       } else {
 	// printf("NO [SKYPE] payload_len=%u\n", payload_len);
       }
@@ -112,5 +126,3 @@ void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c
index 6ac7e282a..c6b0676b6 100644
--- a/src/lib/protocols/smb.c
+++ b/src/lib/protocols/smb.c
@@ -1,7 +1,7 @@
 /*
  * smb.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -22,10 +22,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SMB
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMB
-
 #include "ndpi_api.h"
 
 
@@ -45,19 +41,23 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
       
       NDPI_LOG_INFO(ndpi_struct, "found SMB\n");
 
-      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMB, NDPI_PROTOCOL_UNKNOWN);
+      if(packet->payload[8] == 0x72)
+	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, NDPI_PROTOCOL_UNKNOWN);
+      else
+	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, NDPI_PROTOCOL_UNKNOWN);
       return;
     }
   }
 
-  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+  ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, __FILE__, __FUNCTION__, __LINE__);
+  ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, __FILE__, __FUNCTION__, __LINE__);
 }
 
 
 void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
   ndpi_set_bitmask_protocol_detection("SMB", ndpi_struct, detection_bitmask, *id,
-				      NDPI_PROTOCOL_SMB,
+				      NDPI_PROTOCOL_SMBV23,
 				      ndpi_search_smb_tcp,
 				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
@@ -66,4 +66,3 @@ void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c
index 1bd2a870b..444516cd3 100644
--- a/src/lib/protocols/smpp.c
+++ b/src/lib/protocols/smpp.c
@@ -2,7 +2,7 @@
  * smpp.c
  * 
  * Copyright (C) 2016 - Damir Franusic <df@release14.org>
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -22,8 +22,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SMPP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMPP
 
 #include "ndpi_api.h"
@@ -319,5 +317,3 @@ void init_smpp_dissector(struct ndpi_detection_module_struct* ndpi_struct,
 
   *id += 1;
 }
-
-#endif // NDPI_PROTOCOL_SMPP
diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp_proto.c
index 6a2f2624f..77ad4d233 100644
--- a/src/lib/protocols/snmp.c
+++ b/src/lib/protocols/snmp_proto.c
@@ -2,7 +2,7 @@
  * snmp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SNMP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SNMP
 
 #include "ndpi_api.h"
@@ -125,7 +123,6 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n
   }
  excl:
   NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-
 }
 
 
@@ -141,4 +138,3 @@ void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c
index 32c83934a..36c18ef54 100644
--- a/src/lib/protocols/socks45.c
+++ b/src/lib/protocols/socks45.c
@@ -1,7 +1,7 @@
 /*
  * socks4.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  * Copyright (C) 2014 Tomasz Bujlow <tomasz@skatnet.dk>
  *
  * The signature is based on the Libprotoident library.
@@ -25,8 +25,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SOCKS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOCKS
 
 #include "ndpi_api.h"
@@ -148,4 +146,3 @@ void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c
index 604022714..9211a4b85 100644
--- a/src/lib/protocols/someip.c
+++ b/src/lib/protocols/someip.c
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SOMEIP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOMEIP
 
 #include "ndpi_api.h"
@@ -192,7 +190,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct,
   }
 
   if (message_id == MSG_SD){
-    NDPI_LOG_DBG2(ndpi_struct, "SOME/IP-SD currently not supported\n", message_type);
+    NDPI_LOG_DBG2(ndpi_struct, "SOME/IP-SD currently not supported [%d]\n", message_type);
   }
 
   //Filtering by port. 
@@ -227,5 +225,4 @@ void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct,
   *id +=1;
 }
 
-#endif // NDPI_PROTOCOL_SOMEIP
 
diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c
index 3e8009454..c40213bf7 100644
--- a/src/lib/protocols/sopcast.c
+++ b/src/lib/protocols/sopcast.c
@@ -2,7 +2,7 @@
  * sopcast.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SOPCAST
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOPCAST
 
 #include "ndpi_api.h"
@@ -226,4 +224,3 @@ void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c
index 8f4bbb32c..de1b548be 100644
--- a/src/lib/protocols/soulseek.c
+++ b/src/lib/protocols/soulseek.c
@@ -1,7 +1,7 @@
 /*
  * soulseek.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SOULSEEK
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOULSEEK
 
 #include "ndpi_api.h"
@@ -51,13 +49,15 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct,
       if(src != NULL)
 	NDPI_LOG_DBG2(ndpi_struct,
 		 "  SRC bitmask: %u, packet tick %llu , last safe access timestamp: %llu\n",
-		 NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK)
-		 != 0 ? 1 : 0, (u_int64_t) packet->tick_timestamp, (u_int64_t) src->soulseek_last_safe_access_time);
+		      NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK)
+		 != 0 ? 1 : 0, (long long unsigned int) packet->tick_timestamp,
+		      (long long unsigned int) src->soulseek_last_safe_access_time);
       if(dst != NULL)
 	NDPI_LOG_DBG2(ndpi_struct,
 		 "  DST bitmask: %u, packet tick %llu , last safe ts: %llu\n",
 		 NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK)
-		 != 0 ? 1 : 0, (u_int64_t) packet->tick_timestamp, (u_int64_t) dst->soulseek_last_safe_access_time);
+		 != 0 ? 1 : 0, (long long unsigned int) packet->tick_timestamp,
+		      (long long unsigned int) dst->soulseek_last_safe_access_time);
 
       if(packet->payload_packet_len == 431) {
 	if(dst != NULL) {
@@ -278,5 +278,3 @@ void init_soulseek_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c
index f3b23aadb..a180a1ea7 100644
--- a/src/lib/protocols/spotify.c
+++ b/src/lib/protocols/spotify.c
@@ -23,8 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SPOTIFY
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SPOTIFY
 
 #include "ndpi_api.h"
@@ -90,17 +88,25 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct,
       */
 
 	//printf("%08X - %08X\n", ntohl(packet->iph->saddr), ntohl(packet->iph->daddr));
-	if(((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0x4E1F0800 /* 78.31.8.0 */)
-	   || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0x4E1F0800 /* 78.31.8.0 */)
+
+    long src_addr = ntohl(packet->iph->saddr);
+    long dst_addr = ntohl(packet->iph->daddr);
+    long src_addr_masked_22 = src_addr & 0xFFFFFC00; // */22
+    long dst_addr_masked_22 = dst_addr & 0xFFFFFC00; // */22
+    long src_addr_masked_24 = src_addr & 0xFFFFFF00; // */24
+    long dst_addr_masked_24 = dst_addr & 0xFFFFFF00; // */24
+
+	if(   src_addr_masked_22 == 0x4E1F0800 /* 78.31.8.0 */
+	   || dst_addr_masked_22 == 0x4E1F0800 /* 78.31.8.0 */
 	   /* **** */
-	   || ((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC1EBE800 /* 193.235.232.0 */)
-	   || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC1EBE800 /* 193.235.232.0 */)
-        /* **** */
-          || ((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284C400 /* 194.132.196.0 */)
-          || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284C400 /* 194.132.196.0 */)
-        /* **** */
-          || ((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284A200 /* 194.132.162.0 */)
-          || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284A200 /* 194.132.162.0 */)
+	   || src_addr_masked_22 == 0xC1EBE800 /* 193.235.232.0 */
+	   || dst_addr_masked_22 == 0xC1EBE800 /* 193.235.232.0 */
+       /* **** */
+       || src_addr_masked_22 == 0xC284C400 /* 194.132.196.0 */
+       || dst_addr_masked_22 == 0xC284C400 /* 194.132.196.0 */
+       /* **** */
+       || src_addr_masked_24 == 0xC284A200 /* 194.132.162.0 */
+       || dst_addr_masked_24 == 0xC284A200 /* 194.132.162.0 */
 	   ) {
         NDPI_LOG_INFO(ndpi_struct, "found spotify via ip range\n");
 	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN);
@@ -140,4 +146,3 @@ void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c
index ce681d9b6..6b2bbd188 100644
--- a/src/lib/protocols/ssdp.c
+++ b/src/lib/protocols/ssdp.c
@@ -2,7 +2,7 @@
  * ssdp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SSDP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSDP
 
 #include "ndpi_api.h"
@@ -45,7 +43,7 @@ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct n
   NDPI_LOG_DBG(ndpi_struct, "search ssdp\n");
   if (packet->udp != NULL) {
 
-    if (packet->payload_packet_len > 100) {
+    if (packet->payload_packet_len >= 19) {
       if ((memcmp(packet->payload, "M-SEARCH * HTTP/1.1", 19) == 0)
 	  || memcmp(packet->payload, "NOTIFY * HTTP/1.1", 17) == 0) {
 
@@ -80,4 +78,3 @@ void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index 89b359040..1a20078c3 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -2,7 +2,7 @@
  * ssh.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SSH
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSH
 
 #include "ndpi_api.h"
@@ -99,4 +97,3 @@ void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-#endif
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index 5c65b83c1..25d535a57 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
@@ -1,7 +1,7 @@
 /*
  * ssl.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,14 +23,11 @@
 
 #include "ndpi_protocol_ids.h"
 
-
-#ifdef NDPI_PROTOCOL_SSL
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSL
 
 #include "ndpi_api.h"
 
-/* #define CERTIFICATE_DEBUG 1 */
+// #define CERTIFICATE_DEBUG 1
 #define NDPI_MAX_SSL_REQUEST_SIZE 10000
 
 /* Skype.c */
@@ -42,8 +39,8 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st
 {
   struct ndpi_packet_struct *packet = &flow->packet;
 
-  if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')
-     || (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')
+  if(((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0'))
+     || ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0'))
      || (flow->host_server_name[0] != '\0'))
     protocol = NDPI_PROTOCOL_SSL;
   else
@@ -65,9 +62,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st
 	if((sport == 465) || (dport == 465) || (sport == 587) || (dport == 587))
 	  protocol = NDPI_PROTOCOL_MAIL_SMTPS;
 	else if((sport == 993) || (dport == 993)
-#ifdef NDPI_PROTOCOL_MAIL_IMAP
 		|| (flow->l4.tcp.mail_imap_starttls)
-#endif
 		) protocol = NDPI_PROTOCOL_MAIL_IMAPS;
 	else if((sport == 995) || (dport == 995)) protocol = NDPI_PROTOCOL_MAIL_POPS;
       }
@@ -251,32 +246,56 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
 		u_int16_t compression_len;
 		u_int16_t extensions_len;
 
-		compression_len = packet->payload[offset+1];
-		offset += compression_len + 3;
+		offset++;
+		compression_len = packet->payload[offset];
+		offset++;
+
+#ifdef CERTIFICATE_DEBUG
+		printf("SSL [compression_len: %u]\n", compression_len);
+#endif
+
+		// offset += compression_len + 3;
+		offset += compression_len;
 
 		if(offset < total_len) {
-		  extensions_len = packet->payload[offset];
+		  extensions_len = ntohs(*((u_int16_t*)&packet->payload[offset]));
+		  offset += 2;
+
+#ifdef CERTIFICATE_DEBUG
+		  printf("SSL [extensions_len: %u]\n", extensions_len);
+#endif
 
-		  if((extensions_len+offset) < total_len) {
+		  if((extensions_len+offset) <= total_len) {
 		    /* Move to the first extension
 		       Type is u_int to avoid possible overflow on extension_len addition */
-		    u_int extension_offset = 1;
+		    u_int extension_offset = 0;
 
 		    while(extension_offset < extensions_len) {
 		      u_int16_t extension_id, extension_len;
 
-		      memcpy(&extension_id, &packet->payload[offset+extension_offset], 2);
+		      extension_id = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset]));
 		      extension_offset += 2;
 
-		      memcpy(&extension_len, &packet->payload[offset+extension_offset], 2);
+		      extension_len = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset]));
 		      extension_offset += 2;
 
-		      extension_id = ntohs(extension_id), extension_len = ntohs(extension_len);
+#ifdef CERTIFICATE_DEBUG
+		      printf("SSL [extension_id: %u][extension_len: %u]\n", extension_id, extension_len);
+#endif
 
 		      if(extension_id == 0) {
-			u_int begin = 0,len;
+#if 1
+			u_int16_t len;
+
+			len = (packet->payload[offset+extension_offset+3] << 8) + packet->payload[offset+extension_offset+4];			
+			len = (u_int)ndpi_min(len, buffer_len-1);
+			strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len);
+			buffer[len] = '\0';			
+#else
+			/* old code */
+			u_int begin = 0;
 			char *server_name = (char*)&packet->payload[offset+extension_offset];
-
+			
 			while(begin < extension_len) {
 			  if((!ndpi_isprint(server_name[begin]))
 			     || ndpi_ispunct(server_name[begin])
@@ -289,13 +308,15 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
 			len = (u_int)ndpi_min(extension_len-begin, buffer_len-1);
 			strncpy(buffer, &server_name[begin], len);
 			buffer[len] = '\0';
+#endif
+			
 			stripCertificateTrailer(buffer, buffer_len);
 
 			if(!ndpi_struct->disable_metadata_export) {
 			  snprintf(flow->protos.stun_ssl.ssl.client_certificate,
 				   sizeof(flow->protos.stun_ssl.ssl.client_certificate), "%s", buffer);
 			}
-			
+
 			/* We're happy now */
 			return(2 /* Client Certificate */);
 		      }
@@ -321,24 +342,25 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
   if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) {
     char certificate[64];
     int rc;
+
     certificate[0] = '\0';
     rc = getSSLcertificate(ndpi_struct, flow, certificate, sizeof(certificate));
     packet->ssl_certificate_num_checks++;
     if (rc > 0) {
       packet->ssl_certificate_detected++;
-      if (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')
+      if ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0'))
         /* 0 means we're done processing extra packets (since we found what we wanted) */
         return 0;
     }
     /* Client hello, Server Hello, and certificate packets probably all checked in this case */
     if ((packet->ssl_certificate_num_checks >= 3)
-    && (flow->l4.tcp.seen_syn)
-    && (flow->l4.tcp.seen_syn_ack)
-    && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */)
-    {
-      /* We're done processing extra packets since we've probably checked all possible cert packets */
-      return 0;
-    }
+	&& (flow->l4.tcp.seen_syn)
+	&& (flow->l4.tcp.seen_syn_ack)
+	&& (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */)
+      {
+	/* We're done processing extra packets since we've probably checked all possible cert packets */
+	return 0;
+      }
   }
   /* 1 means keep looking for more packets */
   return 1;
@@ -373,36 +395,40 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s
 #ifdef CERTIFICATE_DEBUG
 	NDPI_LOG_DBG2(ndpi_struct, "***** [SSL] %s\n", certificate);
 #endif
+	ndpi_protocol_match_result ret_match;
 	u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate,
-							 strlen(certificate), NDPI_PROTOCOL_SSL);
+							 strlen(certificate),
+							 &ret_match,
+							 NDPI_PROTOCOL_SSL);
+
 	if(subproto != NDPI_PROTOCOL_UNKNOWN) {
-    /* If we've detected the subprotocol from client certificate but haven't had a chance
-      * to see the server certificate yet, set up extra packet processing to wait
-      * a few more packets. */
-    if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) {
-      sslInitExtraPacketProcessing(0, flow);
-    }
-    ndpi_set_detected_protocol(ndpi_struct, flow, subproto,
-            ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL));
-    return(rc); /* Fix courtesy of Gianluca Costa <g.costa@xplico.org> */
-  }
-#ifdef NDPI_PROTOCOL_TOR
-  if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0)
-    return(rc);
-#endif
+	  /* If we've detected the subprotocol from client certificate but haven't had a chance
+	   * to see the server certificate yet, set up extra packet processing to wait
+	   * a few more packets. */
+	  if(((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) && ((flow->l4.tcp.ssl_seen_server_cert != 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0'))) {
+	    sslInitExtraPacketProcessing(0, flow);
+	  }
+
+	  ndpi_set_detected_protocol(ndpi_struct, flow, subproto,
+				     ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL));
+	  return(rc); /* Fix courtesy of Gianluca Costa <g.costa@xplico.org> */
+	}
+
+	if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0)
+	  return(rc);
       }
 
       if(((packet->ssl_certificate_num_checks >= 2)
 	  && flow->l4.tcp.seen_syn
 	  && flow->l4.tcp.seen_syn_ack
 	  && flow->l4.tcp.seen_ack /* We have seen the 3-way handshake */)
-	 || (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0')
-	 /* || (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') */
+	 || ((flow->l4.tcp.ssl_seen_server_cert == 1) && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0'))
+	 /* || ((flow->l4.tcp.ssl_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) */
 	 ) {
 	ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL);
-     }
+      }
+    }
   }
-     }
   return(0);
 }
 
@@ -410,24 +436,22 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct
 							    ndpi_detection_module_struct
 							    *ndpi_struct, struct ndpi_flow_struct *flow)
 {
-#if defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL)
   struct ndpi_packet_struct *packet = &flow->packet;
   u_int32_t a;
   u_int32_t end;
-#if defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER)
+
   if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0)
     goto check_for_ssl_payload;
-#endif
-#if defined(NDPI_PROTOCOL_OSCAR)
+
   if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_OSCAR) != 0)
     goto check_for_ssl_payload;
-#endif
-  goto no_check_for_ssl_payload;
+  else
+    goto no_check_for_ssl_payload;
 
  check_for_ssl_payload:
   end = packet->payload_packet_len - 20;
   for (a = 5; a < end; a++) {
-#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER
+
     if(packet->payload[a] == 't') {
       if(memcmp(&packet->payload[a], "talk.google.com", 15) == 0) {
 	if(NDPI_COMPARE_PROTOCOL_TO_BITMASK
@@ -438,8 +462,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct
 	}
       }
     }
-#endif
-#ifdef NDPI_PROTOCOL_OSCAR
+
     if(packet->payload[a] == 'A' || packet->payload[a] == 'k' || packet->payload[a] == 'c'
        || packet->payload[a] == 'h') {
       if(((a + 19) < packet->payload_packet_len && memcmp(&packet->payload[a], "America Online Inc.", 19) == 0)
@@ -475,11 +498,9 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct
 	return;
       }
     }
-#endif
   }
 
  no_check_for_ssl_payload:
-#endif
   if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
     NDPI_LOG_DBG(ndpi_struct, "found ssl connection\n");
     sslDetectProtocolFromCertificate(ndpi_struct, flow);
@@ -491,7 +512,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct
       ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL_NO_CERT);
     } else
       NDPI_LOG_INFO(ndpi_struct, "found ssl\n");
-      ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL);
+    ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL);
   }
 }
 
@@ -502,13 +523,10 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct
   struct ndpi_packet_struct *packet = &flow->packet;
 
   if((packet->payload_packet_len >= 5)
-     && (packet->payload[0] == 0x16)
+     && ((packet->payload[0] == 0x16) || packet->payload[0] == 0x17)
      && (packet->payload[1] == 0x03)
-     && ((packet->payload[2] == 0x00)
-	 || (packet->payload[2] == 0x01)
-	 || (packet->payload[2] == 0x02)
-	 || (packet->payload[2] == 0x03)
-	 )) {
+     && ((packet->payload[2] == 0x00) || (packet->payload[2] == 0x01) ||
+         (packet->payload[2] == 0x02) || (packet->payload[2] == 0x03))) {
     u_int32_t temp;
     NDPI_LOG_DBG2(ndpi_struct, "search sslv3\n");
     // SSLv3 Record
@@ -527,16 +545,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct
       u_int32_t cert_start;
 
       NDPI_LOG_DBG2(ndpi_struct,
-	       "maybe SSLv3 server hello split into smaller packets\n");
+		    "maybe SSLv3 server hello split into smaller packets\n");
 
       /* lets hope at least the server hello and the start of the certificate block are in the first packet */
       cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 4;
       NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n",
-	       cert_start);
+		    cert_start);
 
       if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) {
 	NDPI_LOG_DBG2(ndpi_struct,
-		 "found 0x0b at suspected start of certificate block\n");
+		      "found 0x0b at suspected start of certificate block\n");
 	return 2;
       }
     }
@@ -547,16 +565,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct
       u_int32_t cert_start;
 
       NDPI_LOG_DBG2(ndpi_struct,
-	       "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n");
+		    "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n");
 
       /* lets hope at least the server hello record and the start of the certificate record are in the first packet */
       cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 5 + 4;
       NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n",
-	       cert_start);
+		    cert_start);
 
       if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) {
 	NDPI_LOG_DBG2(ndpi_struct,
-		 "found 0x0b at suspected start of certificate block\n");
+		      "found 0x0b at suspected start of certificate block\n");
 	return 2;
       }
     }
@@ -614,7 +632,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
        * so go on checking for certificate patterns for a couple more packets
        */
       NDPI_LOG_DBG2(ndpi_struct,
-	       "ssl flow but check another packet for patterns\n");
+		    "ssl flow but check another packet for patterns\n");
       ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow);
       if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) {
 	/* still ssl so check another packet */
@@ -670,6 +688,17 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
       flow->l4.tcp.ssl_stage = 1 + packet->packet_direction;
       return;
     }
+
+    // Application Data pkt
+    if(packet->payload[0] == 0x17 && packet->payload[1] == 0x03
+       && (packet->payload[2] == 0x00 || packet->payload[2] == 0x01 ||
+           packet->payload[2] == 0x02 || packet->payload[2] == 0x03)) {
+        if(packet->payload_packet_len - ntohs(get_u_int16_t(packet->payload, 3)) == 5) {
+            NDPI_LOG_DBG2(ndpi_struct, "TLS len match\n");
+            flow->l4.tcp.ssl_stage = 1 + packet->packet_direction;
+            return;
+        }
+    }
   }
 
   if(packet->payload_packet_len > 40 &&
@@ -696,7 +725,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
       return;
     } else if(ret == 2) {
       NDPI_LOG_DBG2(ndpi_struct,
-	       "sslv3 server len match with split packet -> check some more packets for SSL patterns\n");
+		    "sslv3 server len match with split packet -> check some more packets for SSL patterns\n");
       ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow);
       if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) {
 	flow->l4.tcp.ssl_stage = 3;
@@ -726,5 +755,3 @@ void init_ssl_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c
index 73cdd0b12..8c344d78d 100644
--- a/src/lib/protocols/starcraft.c
+++ b/src/lib/protocols/starcraft.c
@@ -2,7 +2,7 @@
 * starcraft.c
 * 
 * Copyright (C) 2015 - Matteo Bracci <matteobracci1@gmail.com>
-* Copyright (C) 2015 - ntop.org
+* Copyright (C) 2015-18 - ntop.org
 *
 * nDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
@@ -21,8 +21,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_STARCRAFT
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STARCRAFT
 
 #include "ndpi_api.h"
@@ -155,4 +153,3 @@ void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c
index 8bd75b1a3..00c7ba648 100644
--- a/src/lib/protocols/stealthnet.c
+++ b/src/lib/protocols/stealthnet.c
@@ -2,7 +2,7 @@
  * stealthnet.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_STEALTHNET
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEALTHNET
 
 #include "ndpi_api.h"
@@ -69,4 +67,3 @@ void init_stealthnet_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c
index 64eaa04fe..0a737baf9 100644
--- a/src/lib/protocols/steam.c
+++ b/src/lib/protocols/steam.c
@@ -25,8 +25,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_STEAM
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEAM
 
 #include "ndpi_api.h"
@@ -299,5 +297,3 @@ void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index 8f374ff59..c169a47db 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -2,7 +2,7 @@
  * stun.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_STUN
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STUN
 
 #include "ndpi_api.h"
@@ -108,7 +106,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
       case 0x4002:
 	/* These are the only messages apparently whatsapp voice can use */
 	break;
-	      
+	
       case 0x8054: /* Candidate Identifier */
 	if((len == 4)
 	   && ((offset+7) < payload_length)
@@ -121,6 +119,20 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
 	}
 	break;
 
+      case 0x8055: /* MS Service Quality (skype?) */
+	break;
+
+	/* Proprietary fields found on skype calls */
+      case 0x24DF:
+      case 0x3802:
+      case 0x8036:
+      case 0x8095:
+      case 0x0800:
+	/* printf("====>>>> %04X\n", attribute); */
+	flow->protos.stun_ssl.stun.is_skype = 1;
+	return(NDPI_IS_STUN);
+	break;
+	
       case 0x8070: /* Implementation Version */
 	if((len == 4)
 	   && ((offset+7) < payload_length)
@@ -191,7 +203,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n
 	  NDPI_LOG_INFO(ndpi_struct, "found Skype\n");
 
 	  if((flow->protos.stun_ssl.stun.num_processed_pkts >= 8) || (flow->protos.stun_ssl.stun.num_binding_requests >= 4))
-	    ndpi_set_detected_protocol(ndpi_struct, flow, (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT, NDPI_PROTOCOL_SKYPE);
+	    ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE);
 	} else {
 	  NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); /* Ummmmm we're in the TCP branch. This code looks bad */
 	  ndpi_int_stun_add_connection(ndpi_struct,
@@ -209,9 +221,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n
     
     if(flow->protos.stun_ssl.stun.is_skype) {
       NDPI_LOG_INFO(ndpi_struct, "Found Skype\n");
-      
+
+      /* flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT */ 
       if((flow->protos.stun_ssl.stun.num_processed_pkts >= 8) || (flow->protos.stun_ssl.stun.num_binding_requests >= 4))
-	ndpi_set_detected_protocol(ndpi_struct, flow, (flow->protos.stun_ssl.stun.num_binding_requests < 4) ? NDPI_PROTOCOL_SKYPE_CALL_IN : NDPI_PROTOCOL_SKYPE_CALL_OUT, NDPI_PROTOCOL_SKYPE);
+	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE);
     } else {
       NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n");
       ndpi_int_stun_add_connection(ndpi_struct,
@@ -242,5 +255,3 @@ void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c
index d83cd99f7..fc51fc065 100644
--- a/src/lib/protocols/syslog.c
+++ b/src/lib/protocols/syslog.c
@@ -2,7 +2,7 @@
  * syslog.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_SYSLOG
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SYSLOG
 
 #include "ndpi_api.h"
@@ -131,5 +129,3 @@ void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c
index 407d36b3b..2d28182df 100644
--- a/src/lib/protocols/tcp_udp.c
+++ b/src/lib/protocols/tcp_udp.c
@@ -1,7 +1,7 @@
 /*
  * tcp_or_udp.c
  *
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c
index df13c9756..214a2fe99 100644
--- a/src/lib/protocols/teamspeak.c
+++ b/src/lib/protocols/teamspeak.c
@@ -19,8 +19,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TEAMSPEAK
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMSPEAK
 
 #include "ndpi_api.h"
@@ -79,4 +77,3 @@ void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c
index f06e40a73..1fa39ff43 100644
--- a/src/lib/protocols/teamviewer.c
+++ b/src/lib/protocols/teamviewer.c
@@ -2,7 +2,7 @@
  * teamviewer.c
  *
  * Copyright (C) 2012 by Gianluca Costa xplico.org
- * Copyright (C) 2012-15 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TEAMVIEWER
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMVIEWER
 
 #include "ndpi_api.h"
@@ -116,4 +114,3 @@ void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c
index d80f5f6b5..79be38eae 100644
--- a/src/lib/protocols/telegram.c
+++ b/src/lib/protocols/telegram.c
@@ -2,7 +2,7 @@
  * telegram.c
  *
  * Copyright (C) 2014 by Gianluca Costa xplico.org
- * Copyright (C) 2012-15 - ntop.org
+ * Copyright (C) 2012-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TELEGRAM
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELEGRAM
 
 #include "ndpi_api.h"
@@ -83,4 +81,3 @@ void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c
index 264e83aa1..33d19e1dc 100644
--- a/src/lib/protocols/telnet.c
+++ b/src/lib/protocols/telnet.c
@@ -2,7 +2,7 @@
  * telnet.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TELNET
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELNET
 
 #include "ndpi_api.h"
@@ -117,5 +115,3 @@ void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c
index 2439f997b..e377d09a4 100644
--- a/src/lib/protocols/teredo.c
+++ b/src/lib/protocols/teredo.c
@@ -1,7 +1,7 @@
 /*
  * teredo.c
  *
- * Copyright (C) 2015 - ntop.org
+ * Copyright (C) 2015-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TEREDO
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEREDO
 
 #include "ndpi_api.h"
@@ -34,7 +32,7 @@ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct
   NDPI_LOG_DBG(ndpi_struct,"search teredo\n");
   if(packet->udp
      && packet->iph
-     && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */)
+     && ((ntohl(packet->iph->daddr) & 0xF0000000) != 0xE0000000 /* Not a multicast address */)
      && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544))
      && (packet->payload_packet_len >= 40 /* IPv6 header */)) {
     NDPI_LOG_INFO(ndpi_struct,"found teredo\n");
@@ -57,4 +55,3 @@ void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c
index 082e04326..f3da3463c 100644
--- a/src/lib/protocols/tftp.c
+++ b/src/lib/protocols/tftp.c
@@ -2,7 +2,7 @@
  * tftp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TFTP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TFTP
 
 #include "ndpi_api.h"
@@ -79,4 +77,3 @@ void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c
index 384436f13..754f68f60 100644
--- a/src/lib/protocols/thunder.c
+++ b/src/lib/protocols/thunder.c
@@ -2,7 +2,7 @@
  * thunder.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_THUNDER
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_THUNDER
 
 #include "ndpi_api.h"
@@ -221,5 +219,3 @@ void init_thunder_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c
index 19bfa34aa..7ee4105e8 100644
--- a/src/lib/protocols/tinc.c
+++ b/src/lib/protocols/tinc.c
@@ -2,7 +2,7 @@
  * tinc.c
  *
  * Copyright (C) 2017 - William Guglielmo <william@deselmo.com>
- * Copyright (C) 2017 - ntop.org
+ * Copyright (C) 2017-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TINC
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TINC
 
 #include "ndpi_api.h"
@@ -154,4 +152,3 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c
index 462833db0..f1c6f586a 100644
--- a/src/lib/protocols/tor.c
+++ b/src/lib/protocols/tor.c
@@ -1,14 +1,12 @@
 /*
  * tor.c
  *
- * Copyright (C) 2016 ntop.org
+ * Copyright (C) 2016-18 ntop.org
  * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
  *
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TOR
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TOR
 
 #include "ndpi_api.h"
@@ -22,7 +20,7 @@ static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct
 
 int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct,
 		    struct ndpi_flow_struct *flow, char *certificate) {  
-  int prev_num = 0, numbers_found = 0, num_found = 0, i, len;
+  int prev_num = 0, numbers_found = 0, num_found = 0, i, len, num_impossible = 0;
   char dummy[48], *dot, *name;
 
   if(certificate == NULL)
@@ -73,12 +71,11 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct,
       if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, &name[i])) {
 	num_found++;
       } else if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) {
-	ndpi_int_tor_add_connection(ndpi_struct, flow);
-	return(1);
+	num_impossible++;
       }
     }
 
-    if(num_found == 0) {
+    if((num_found == 0) || (num_impossible > 1)) {
       ndpi_int_tor_add_connection(ndpi_struct, flow);
       return(1);
     } else {
@@ -133,4 +130,3 @@ void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/tvants.c b/src/lib/protocols/tvants.c
index ceee278b9..eafce38c4 100644
--- a/src/lib/protocols/tvants.c
+++ b/src/lib/protocols/tvants.c
@@ -2,7 +2,7 @@
  * tvants.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TVANTS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVANTS
 
 #include "ndpi_api.h"
@@ -85,5 +83,3 @@ void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c
index 2160a5afa..ce84c7de3 100644
--- a/src/lib/protocols/tvuplayer.c
+++ b/src/lib/protocols/tvuplayer.c
@@ -2,7 +2,7 @@
  * tvuplayer.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_TVUPLAYER
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVUPLAYER
 
 #include "ndpi_api.h"
@@ -160,5 +158,3 @@ void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c
index d8392fda7..2e35d1d98 100644
--- a/src/lib/protocols/ubntac2.c
+++ b/src/lib/protocols/ubntac2.c
@@ -21,13 +21,10 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_UBNTAC2
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UBNTAC2
 
 #include "ndpi_api.h"
 
-
 static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
   ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, NDPI_PROTOCOL_UNKNOWN);
@@ -94,5 +91,3 @@ void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/upnp.c b/src/lib/protocols/upnp.c
new file mode 100644
index 000000000..1706d021d
--- /dev/null
+++ b/src/lib/protocols/upnp.c
@@ -0,0 +1,65 @@
+/*
+ * upnp.c
+ *
+ * Copyright (C) 2018 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UPNP
+
+#include "ndpi_api.h"
+
+#define UPNP_PORT 3702
+
+void ndpi_search_upnp(struct ndpi_detection_module_struct *ndpi_struct,
+		      struct ndpi_flow_struct *flow) {
+  struct ndpi_packet_struct *packet = &flow->packet;
+
+  NDPI_LOG_DBG(ndpi_struct, "search upnp\n");
+
+  if(packet->udp
+     && (
+	 (packet->iph && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */))
+#ifdef NDPI_DETECTION_SUPPORT_IPV6
+	 ||
+	 (packet->iphv6 && ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) == 0xFF020000)
+#endif
+	 )
+     && (ntohs(packet->udp->dest) == UPNP_PORT)
+     && (packet->payload_packet_len >= 40)
+     && (strncmp((char*)packet->payload, "<?xml", 5) == 0)
+     ) {
+    NDPI_LOG_INFO(ndpi_struct,"found teredo\n");
+    ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UPNP, NDPI_PROTOCOL_UNKNOWN);
+  } else {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+  }
+}
+
+
+void init_upnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
+			 NDPI_PROTOCOL_BITMASK *detection_bitmask) {
+  ndpi_set_bitmask_protocol_detection("UPNP", ndpi_struct, detection_bitmask, *id,
+				      NDPI_PROTOCOL_UPNP,
+				      ndpi_search_upnp,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+				      ADD_TO_DETECTION_BITMASK);
+  *id += 1;
+}
+
diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c
index 0a995d6f8..6a2970d6e 100644
--- a/src/lib/protocols/usenet.c
+++ b/src/lib/protocols/usenet.c
@@ -2,7 +2,7 @@
  * usenet.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -25,8 +25,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_USENET
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_USENET
 
 #include "ndpi_api.h"
@@ -104,5 +102,3 @@ void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c
index 844eaf84f..eef5c065f 100644
--- a/src/lib/protocols/vhua.c
+++ b/src/lib/protocols/vhua.c
@@ -1,7 +1,7 @@
 /*
  * vhua.c
  *
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * nDPI is free software: you can vhuatribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -19,8 +19,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_VHUA
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VHUA
 
 #include "ndpi_api.h"
@@ -79,4 +77,3 @@ void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c
index 517b74b91..65e227234 100644
--- a/src/lib/protocols/viber.c
+++ b/src/lib/protocols/viber.c
@@ -2,7 +2,7 @@
  * viber.c 
  *
  * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
- * Copyright (C) 2013 - 2014 ntop.org
+ * Copyright (C) 2013-18 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_VIBER
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VIBER
 
 #include "ndpi_api.h"
@@ -61,5 +59,3 @@ void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
   *id += 1;
 }
 
-
-#endif
diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c
index 34fe84ab9..138d09bbc 100644
--- a/src/lib/protocols/vmware.c
+++ b/src/lib/protocols/vmware.c
@@ -1,7 +1,7 @@
 /*
  * vmware.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_VMWARE
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VMWARE
 
 #include "ndpi_api.h"
@@ -56,5 +54,3 @@ void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
   
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c
index 6bbb26c6d..65988bce6 100644
--- a/src/lib/protocols/vnc.c
+++ b/src/lib/protocols/vnc.c
@@ -1,7 +1,7 @@
 /*
  * vnc.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -22,8 +22,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_VNC
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VNC
 
 #include "ndpi_api.h"
@@ -76,5 +74,3 @@ void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c
index bbc1d8388..3f970bd25 100644
--- a/src/lib/protocols/warcraft3.c
+++ b/src/lib/protocols/warcraft3.c
@@ -2,7 +2,7 @@
  * warcraft3.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_WARCRAFT3
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WARCRAFT3
 
 #include "ndpi_api.h"
@@ -106,4 +104,3 @@ void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c
index b079dcd01..6964a8e0e 100644
--- a/src/lib/protocols/whatsapp.c
+++ b/src/lib/protocols/whatsapp.c
@@ -19,8 +19,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_WHATSAPP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WHATSAPP
 
 #include "ndpi_api.h"
@@ -35,12 +33,30 @@ void ndpi_search_whatsapp(struct ndpi_detection_module_struct *ndpi_struct,
 
   NDPI_LOG_DBG(ndpi_struct, "search WhatsApp\n");
 
+  if(flow->l4.tcp.wa_matched_so_far == 0) {
+    if(memcmp(packet->payload, whatsapp_sequence, packet->payload_packet_len)) {
+      NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    } else
+      flow->l4.tcp.wa_matched_so_far = packet->payload_packet_len;
+
+    return;
+  } else {
+    if(memcmp(packet->payload, &whatsapp_sequence[flow->l4.tcp.wa_matched_so_far],
+	      sizeof(whatsapp_sequence)-flow->l4.tcp.wa_matched_so_far))
+      NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    else
+      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN);
+
+    return;
+  }
+
   if((packet->payload_packet_len > 240)
      && (memcmp(packet->payload, whatsapp_sequence, sizeof(whatsapp_sequence)) == 0)) {
     NDPI_LOG_INFO(ndpi_struct, "found WhatsApp\n");
     ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN);
-  } else 
-    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);  
+  }
+
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }
 
 
@@ -55,6 +71,3 @@ void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
 }
-
-
-#endif
diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c
index 291ae15ca..335aa6f65 100644
--- a/src/lib/protocols/whoisdas.c
+++ b/src/lib/protocols/whoisdas.c
@@ -1,7 +1,7 @@
 /*
  * whoisdas.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -20,8 +20,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_WHOIS_DAS
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WHOIS_DAS
 
 #include "ndpi_api.h"
@@ -75,5 +73,3 @@ void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c
index 534addc7d..d179ef526 100644
--- a/src/lib/protocols/world_of_kung_fu.c
+++ b/src/lib/protocols/world_of_kung_fu.c
@@ -2,7 +2,7 @@
  * world_of_kung_fu.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,7 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_WORLD_OF_KUNG_FU
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLD_OF_KUNG_FU
 #include "ndpi_api.h"
 
@@ -64,5 +63,3 @@ void init_world_of_kung_fu_dissector(struct ndpi_detection_module_struct *ndpi_s
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c
index bfcf3f4e1..acb010a85 100644
--- a/src/lib/protocols/world_of_warcraft.c
+++ b/src/lib/protocols/world_of_warcraft.c
@@ -2,7 +2,7 @@
  * world_of_warcraft.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,8 +23,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLDOFWARCRAFT
 
 #include "ndpi_api.h"
@@ -215,4 +213,3 @@ void init_world_of_warcraft_dissector(struct ndpi_detection_module_struct *ndpi_
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c
index 3182c191c..5d1f64d43 100644
--- a/src/lib/protocols/xbox.c
+++ b/src/lib/protocols/xbox.c
@@ -1,7 +1,7 @@
 /*
  * xbox.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -23,7 +23,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_XBOX
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XBOX
 #include "ndpi_api.h"
 
@@ -84,9 +83,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n
     }
 
     /* exclude here all non matched udp traffic, exclude here tcp only if http has been excluded, because xbox could use http */
-#ifdef NDPI_PROTOCOL_HTTP
     if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) {
-#endif
       NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
     }
   }
@@ -106,4 +103,3 @@ void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c
index 71bcd9c69..35b08b91b 100644
--- a/src/lib/protocols/xdmcp.c
+++ b/src/lib/protocols/xdmcp.c
@@ -2,7 +2,7 @@
  * xdmcp.c
  *
  * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -24,8 +24,6 @@
 
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_XDMCP
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XDMCP
 
 #include "ndpi_api.h"
@@ -77,5 +75,3 @@ void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c
index 1144fb4ef..3be953939 100644
--- a/src/lib/protocols/yahoo.c
+++ b/src/lib/protocols/yahoo.c
@@ -1,7 +1,7 @@
 /*
  * yahoo.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -22,11 +22,9 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_YAHOO
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_YAHOO
-#include "ndpi_api.h"
-
 
+#include "ndpi_api.h"
 
 struct ndpi_yahoo_header {
   u_int8_t YMSG_str[4];
@@ -313,9 +311,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru
 	}
       }
       /* detect YAHOO over HTTP proxy */
-#ifdef NDPI_PROTOCOL_HTTP
       if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP)
-#endif
 	{
 	  if (flow->l4.tcp.yahoo_http_proxy_stage == 0) {
 	    
@@ -370,12 +366,8 @@ void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct
     if(packet->tcp != NULL && packet->tcp_retransmission == 0) {
 
       if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN
-#ifdef NDPI_PROTOCOL_HTTP
 	 || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP
-#endif
-#ifdef NDPI_PROTOCOL_SSL
 	 || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) {
-#endif
         /* search over TCP */
 	ndpi_search_yahoo_tcp(ndpi_struct, flow);
       }
@@ -412,4 +404,3 @@ void init_yahoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
   *id += 1;
 }
 
-#endif
diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c
index c3e514dda..3b0c02d80 100644
--- a/src/lib/protocols/zattoo.c
+++ b/src/lib/protocols/zattoo.c
@@ -1,7 +1,7 @@
 /*
  * zattoo.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -22,8 +22,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_ZATTOO
-
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZATTOO
 
 #include "ndpi_api.h"
@@ -240,5 +238,3 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c
index c7c8e9519..aa73d4a6d 100644
--- a/src/lib/protocols/zeromq.c
+++ b/src/lib/protocols/zeromq.c
@@ -1,7 +1,7 @@
 /*
  * zmq.c
  *
- * Copyright (C) 2016 - ntop.org
+ * Copyright (C) 2016-18 - ntop.org
  *
  * nDPI is free software: you can zmqtribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -19,7 +19,6 @@
  */
 #include "ndpi_protocol_ids.h"
 
-#ifdef NDPI_PROTOCOL_ZMQ
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZMQ
 
 #include "ndpi_api.h"
@@ -109,5 +108,3 @@ void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
 
   *id += 1;
 }
-
-#endif
diff --git a/src/lib/third_party/include/actypes.h b/src/lib/third_party/include/actypes.h
index 807e5026a..5a94b63a1 100644
--- a/src/lib/third_party/include/actypes.h
+++ b/src/lib/third_party/include/actypes.h
@@ -42,9 +42,9 @@ typedef char AC_ALPHABET_t;
  * automata for further reference. we provisioned two possible types as a
  * union for this purpose. you can add your desired type in it.
  **/
-typedef union {
-  char * stringy; /* null-terminated string */
-  unsigned long number;
+typedef struct {
+  int number;
+  unsigned int category, breed;
 } AC_REP_t;
 
 /* AC_PATTERN_t:
@@ -112,20 +112,20 @@ typedef enum
 			      ac_automata_finalize() you can not add new patterns to the automata. */
   } AC_ERROR_t;
 
-/* MATCH_CALBACK_t:
+/* MATCH_CALLBACK_t:
  * This is the call-back function type that must be given to automata at
  * initialization to report match occurrence to the caller.
  * at a match event, the automata will reach you using this function and sends
  * you a pointer to AC_MATCH_t. using that pointer you can handle
  * matches. you can send parameters to the call-back function when you call
  * ac_automata_search(). at call-back, the automata will sent you those
- * parameters as the second parameter (void *) of MATCH_CALBACK_t. inside
+ * parameters as the second parameter (void *) of MATCH_CALLBACK_t. inside
  * the call-back function you can cast it to whatever you want.
- * If you return 0 from MATCH_CALBACK_t function to the automata, it will
+ * If you return 0 from MATCH_CALLBACK_t function to the automata, it will
  * continue searching, otherwise it will return from ac_automata_search()
  * to your calling function.
  **/
-typedef int (*MATCH_CALBACK_f)(AC_MATCH_t *, AC_TEXT_t *, void *);
+typedef int (*MATCH_CALLBACK_f)(AC_MATCH_t *, AC_TEXT_t *, AC_REP_t *);
 
 /* AC_PATTRN_MAX_LENGTH:
  * Maximum acceptable pattern length in AC_PATTERN_t.length
diff --git a/src/lib/third_party/include/ahocorasick.h b/src/lib/third_party/include/ahocorasick.h
index ea92e4a1b..192a0e728 100644
--- a/src/lib/third_party/include/ahocorasick.h
+++ b/src/lib/third_party/include/ahocorasick.h
@@ -36,7 +36,7 @@ typedef struct
   unsigned int all_nodes_max; /* Current max allocated memory for *all_nodes */
 
   AC_MATCH_t match; /* Any match is reported with this */
-  MATCH_CALBACK_f match_callback; /* Match call-back function */
+  MATCH_CALLBACK_f match_callback; /* Match call-back function */
 
   /* this flag indicates that if automata is finalized by
    * ac_automata_finalize() or not. 1 means finalized and 0
@@ -58,10 +58,10 @@ typedef struct
 } AC_AUTOMATA_t;
 
 
-AC_AUTOMATA_t * ac_automata_init     (MATCH_CALBACK_f mc);
+AC_AUTOMATA_t * ac_automata_init     (MATCH_CALLBACK_f mc);
 AC_ERROR_t      ac_automata_add      (AC_AUTOMATA_t * thiz, AC_PATTERN_t * str);
 void            ac_automata_finalize (AC_AUTOMATA_t * thiz);
-int             ac_automata_search   (AC_AUTOMATA_t * thiz, AC_TEXT_t * str, void * param);
+int             ac_automata_search   (AC_AUTOMATA_t * thiz, AC_TEXT_t * str, AC_REP_t * param);
 void            ac_automata_reset    (AC_AUTOMATA_t * thiz);
 void            ac_automata_release  (AC_AUTOMATA_t * thiz);
 void            ac_automata_display  (AC_AUTOMATA_t * thiz, char repcast);
diff --git a/src/lib/third_party/include/hash.h b/src/lib/third_party/include/ht_hash.h
index 8862671b1..2251706e4 100644
--- a/src/lib/third_party/include/hash.h
+++ b/src/lib/third_party/include/ht_hash.h
@@ -3,6 +3,8 @@
 #ifndef _HASH_H_
 #define _HASH_H_
 
+#include "ndpi_api.h"
+
 struct entry_s {
   char *key;
   u_int16_t value;
@@ -23,5 +25,6 @@ extern int ht_hash( hashtable_t *hashtable, char *key );
 extern entry_t *ht_newpair( char *key, u_int16_t value );
 extern void ht_set( hashtable_t *hashtable, char *key, u_int16_t value );
 extern u_int16_t ht_get( hashtable_t *hashtable, char *key );
+extern void ht_free( hashtable_t *hashtable );
 
 #endif /* _HASH_H_ */
diff --git a/src/lib/third_party/include/lruc.h b/src/lib/third_party/include/lruc.h
new file mode 100644
index 000000000..55fb271fe
--- /dev/null
+++ b/src/lib/third_party/include/lruc.h
@@ -0,0 +1,55 @@
+#include <pthread.h>
+#include <stdint.h>
+#include <time.h>
+
+#ifndef __lruc_header__
+#define __lruc_header__
+
+// ------------------------------------------
+// errors
+// ------------------------------------------
+typedef enum {
+  LRUC_NO_ERROR = 0,
+  LRUC_MISSING_CACHE,
+  LRUC_MISSING_KEY,
+  LRUC_MISSING_VALUE,
+  LRUC_PTHREAD_ERROR,
+  LRUC_VALUE_TOO_LARGE
+} lruc_error;
+
+
+// ------------------------------------------
+// types
+// ------------------------------------------
+typedef struct {
+  void      *value;
+  void      *key;
+  uint32_t  value_length;
+  uint32_t  key_length;
+  uint64_t  access_count;
+  void      *next;
+} lruc_item;
+
+typedef struct {
+  lruc_item **items;
+  uint64_t  access_count;
+  uint64_t  free_memory;
+  uint64_t  total_memory;
+  uint64_t  average_item_length;
+  uint32_t  hash_table_size;
+  time_t    seed;
+  lruc_item *free_items;
+  pthread_mutex_t *mutex;
+} lruc;
+
+
+// ------------------------------------------
+// api
+// ------------------------------------------
+lruc *lruc_new(uint64_t cache_size, uint32_t average_length);
+lruc_error lruc_free(lruc *cache);
+lruc_error lruc_set(lruc *cache, void *key, uint32_t key_length, void *value, uint32_t value_length);
+lruc_error lruc_get(lruc *cache, void *key, uint32_t key_length, void **value);
+lruc_error lruc_delete(lruc *cache, void *key, uint32_t key_length);
+
+#endif
diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h
index bb1806877..c61513f92 100644
--- a/src/lib/third_party/include/ndpi_patricia.h
+++ b/src/lib/third_party/include/ndpi_patricia.h
@@ -102,7 +102,7 @@ typedef struct the_prefix_t {
 /* pointer to usr data (ex. route flap info) */
 union patricia_node_value_t {
   void *user_data;
-  u_int32_t user_value;
+  unsigned int user_value;
 };
 
 typedef struct _patricia_node_t {
diff --git a/src/lib/third_party/src/ahocorasick.c b/src/lib/third_party/src/ahocorasick.c
index fd6541dd7..371dc06f8 100644
--- a/src/lib/third_party/src/ahocorasick.c
+++ b/src/lib/third_party/src/ahocorasick.c
@@ -44,10 +44,10 @@ static void ac_automata_traverse_setfailure
  * FUNCTION: ac_automata_init
  * Initialize automata; allocate memories and set initial values
  * PARAMS:
- * MATCH_CALBACK mc: call-back function
+ * MATCH_CALLBACK mc: call-back function
  * the call-back function will be used to reach the caller on match occurrence
  ******************************************************************************/
-AC_AUTOMATA_t * ac_automata_init (MATCH_CALBACK_f mc)
+AC_AUTOMATA_t * ac_automata_init (MATCH_CALLBACK_f mc)
 {
   AC_AUTOMATA_t * thiz = (AC_AUTOMATA_t *)ndpi_malloc(sizeof(AC_AUTOMATA_t));
   memset (thiz, 0, sizeof(AC_AUTOMATA_t));
@@ -159,7 +159,7 @@ void ac_automata_finalize (AC_AUTOMATA_t * thiz)
  *  0: success; continue searching; call-back sent me a 0 value
  *  1: success; stop searching; call-back sent me a non-0 value
  ******************************************************************************/
-int ac_automata_search (AC_AUTOMATA_t * thiz, AC_TEXT_t * txt, void * param)
+int ac_automata_search (AC_AUTOMATA_t * thiz, AC_TEXT_t * txt, AC_REP_t * param)
 {
   unsigned long position;
   AC_NODE_t *curr;
@@ -283,10 +283,10 @@ void ac_automata_display (AC_AUTOMATA_t * thiz, char repcast)
 	    switch (repcast)
 	      {
 	      case 'n':
-		printf("%ld", sid.rep.number);
-		break;
-	      case 's':
-		printf("%s", sid.rep.stringy);
+		printf("%u/%u/%u",
+		       sid.rep.number,
+		       sid.rep.category,
+		       sid.rep.breed);
 		break;
 	      }
 	  }
@@ -304,7 +304,7 @@ static void ac_automata_register_nodeptr (AC_AUTOMATA_t * thiz, AC_NODE_t * node
 {
   if(thiz->all_nodes_num >= thiz->all_nodes_max)
     {
-      thiz->all_nodes = ndpi_realloc(thiz->all_nodes, 
+      thiz->all_nodes = ndpi_realloc(thiz->all_nodes,
 				     thiz->all_nodes_max*sizeof(AC_NODE_t *),
 				     (REALLOC_CHUNK_ALLNODES+thiz->all_nodes_max)*sizeof(AC_NODE_t *)
 				     );
diff --git a/src/lib/third_party/src/hash.c b/src/lib/third_party/src/ht_hash.c
index 792d6086e..4eaac9bcb 100644
--- a/src/lib/third_party/src/hash.c
+++ b/src/lib/third_party/src/ht_hash.c
@@ -1,11 +1,13 @@
 /* Based on https://gist.github.com/tonious/1377667 */
 
+#include <stdint.h>
+#include <sys/types.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <limits.h>
 #include <string.h>
 
-#include "hash.h"
+#include "ht_hash.h"
 
 /* #define HASH_DEBUG 1 */
 
diff --git a/src/lib/third_party/src/lruc.c b/src/lib/third_party/src/lruc.c
new file mode 100644
index 000000000..f08fb2ce1
--- /dev/null
+++ b/src/lib/third_party/src/lruc.c
@@ -0,0 +1,294 @@
+/* https://github.com/willcannings/C-LRU-Cache */
+
+#include "lruc.h"
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <err.h>
+
+// ------------------------------------------
+// private functions
+// ------------------------------------------
+// MurmurHash2, by Austin Appleby
+// http://sites.google.com/site/murmurhash/
+uint32_t lruc_hash(lruc *cache, void *key, uint32_t key_length) {
+  uint32_t m = 0x5bd1e995;
+  uint32_t r = 24;
+  uint32_t h = cache->seed ^ key_length;
+  char* data = (char *)key;
+
+  while(key_length >= 4) {
+    uint32_t k = *(uint32_t *)data;
+    k *= m;
+    k ^= k >> r;
+    k *= m;
+    h *= m;
+    h ^= k;
+    data += 4;
+    key_length -= 4;
+  }
+  
+  switch(key_length) {
+    case 3: h ^= data[2] << 16;
+    case 2: h ^= data[1] << 8;
+    case 1: h ^= data[0];
+            h *= m;
+  };
+
+  h ^= h >> 13;
+  h *= m;
+  h ^= h >> 15;
+  return h % cache->hash_table_size;
+}
+
+// compare a key against an existing item's key
+int lruc_cmp_keys(lruc_item *item, void *key, uint32_t key_length) {
+  if(key_length != item->key_length)
+    return 1;
+  else
+    return memcmp(key, item->key, key_length);
+}
+
+// remove an item and push it to the free items queue
+void lruc_remove_item(lruc *cache, lruc_item *prev, lruc_item *item, uint32_t hash_index) {
+  if(prev)
+    prev->next = item->next;
+  else
+    cache->items[hash_index] = (lruc_item *) item->next;
+  
+  // free memory and update the free memory counter
+  cache->free_memory += item->value_length;
+  free(item->value);
+  free(item->key);
+  
+  // push the item to the free items queue  
+  memset(item, 0, sizeof(lruc_item));
+  item->next = cache->free_items;
+  cache->free_items = item;
+}
+
+// remove the least recently used item
+// TODO: we can optimise this by finding the n lru items, where n = required_space / average_length
+void lruc_remove_lru_item(lruc *cache) {
+  lruc_item *min_item = NULL, *min_prev = NULL;
+  lruc_item *item = NULL, *prev = NULL;
+  uint32_t i = 0, min_index = -1;
+  uint64_t min_access_count = -1;
+  
+  for(; i < cache->hash_table_size; i++) {
+    item = cache->items[i];
+    prev = NULL;
+    
+    while(item) {
+      if(item->access_count < min_access_count || min_access_count == -1) {
+        min_access_count = item->access_count;
+        min_item  = item;
+        min_prev  = prev;
+        min_index = i;
+      }
+      prev = item;
+      item = item->next;
+    }
+  }
+  
+  if(min_item)
+    lruc_remove_item(cache, min_prev, min_item, min_index);
+}
+
+// pop an existing item off the free queue, or create a new one
+lruc_item *lruc_pop_or_create_item(lruc *cache) {
+  lruc_item *item = NULL;
+  
+  if(cache->free_items) {
+    item = cache->free_items;
+    cache->free_items = item->next;
+  } else {
+    item = (lruc_item *) calloc(sizeof(lruc_item), 1);
+  }
+  
+  return item;
+}
+
+// error helpers
+#define error_for(conditions, error)  if(conditions) {return error;}
+#define test_for_missing_cache()      error_for(!cache, LRUC_MISSING_CACHE)
+#define test_for_missing_key()        error_for(!key || key_length == 0, LRUC_MISSING_KEY)
+#define test_for_missing_value()      error_for(!value || value_length == 0, LRUC_MISSING_VALUE)
+#define test_for_value_too_large()    error_for(value_length > cache->total_memory, LRUC_VALUE_TOO_LARGE)
+
+// lock helpers
+#define lock_cache()    if(pthread_mutex_lock(cache->mutex)) {\
+  perror("LRU Cache unable to obtain mutex lock");\
+  return LRUC_PTHREAD_ERROR;\
+}
+
+#define unlock_cache()  if(pthread_mutex_unlock(cache->mutex)) {\
+  perror("LRU Cache unable to release mutex lock");\
+  return LRUC_PTHREAD_ERROR;\
+}
+
+
+// ------------------------------------------
+// public api
+// ------------------------------------------
+lruc *lruc_new(uint64_t cache_size, uint32_t average_length) {
+  // create the cache
+  lruc *cache = (lruc *) calloc(sizeof(lruc), 1);
+  if(!cache) {
+    perror("LRU Cache unable to create cache object");
+    return NULL;
+  }
+  cache->hash_table_size      = cache_size / average_length;
+  cache->average_item_length  = average_length;
+  cache->free_memory          = cache_size;
+  cache->total_memory         = cache_size;
+  cache->seed                 = time(NULL);
+  
+  // size the hash table to a guestimate of the number of slots required (assuming a perfect hash)
+  cache->items = (lruc_item **) calloc(sizeof(lruc_item *), cache->hash_table_size);
+  if(!cache->items) {
+    perror("LRU Cache unable to create cache hash table");
+    free(cache);
+    return NULL;
+  }
+  
+  // all cache calls are guarded by a mutex
+  cache->mutex = (pthread_mutex_t *) malloc(sizeof(pthread_mutex_t));
+  if(pthread_mutex_init(cache->mutex, NULL)) {
+    perror("LRU Cache unable to initialise mutex");
+    free(cache->items);
+    free(cache);
+    return NULL;
+  }
+  return cache;
+}
+
+
+lruc_error lruc_free(lruc *cache) {
+  test_for_missing_cache();
+  
+  // free each of the cached items, and the hash table
+  lruc_item *item = NULL, *next = NULL;
+  uint32_t i = 0;
+  if(cache->items) {
+    for(; i < cache->hash_table_size; i++) {
+      item = cache->items[i];    
+      while(item) {
+        next = (lruc_item *) item->next;
+        free(item);
+        item = next;
+      }
+    }
+    free(cache->items);
+  }
+  
+  // free the cache
+  if(cache->mutex) {
+    if(pthread_mutex_destroy(cache->mutex)) {
+      perror("LRU Cache unable to destroy mutex");
+      return LRUC_PTHREAD_ERROR;
+    }
+  }
+  free(cache);
+  
+  return LRUC_NO_ERROR;
+}
+
+
+lruc_error lruc_set(lruc *cache, void *key, uint32_t key_length, void *value, uint32_t value_length) {
+  test_for_missing_cache();
+  test_for_missing_key();
+  test_for_missing_value();
+  test_for_value_too_large();
+  lock_cache();
+  
+  // see if the key already exists
+  uint32_t hash_index = lruc_hash(cache, key, key_length), required = 0;
+  lruc_item *item = NULL, *prev = NULL;
+  item = cache->items[hash_index];
+  
+  while(item && lruc_cmp_keys(item, key, key_length)) {
+    prev = item;
+    item = (lruc_item *) item->next;
+  }
+  
+  if(item) {
+    // update the value and value_lengths
+    required = value_length - item->value_length;
+    free(item->value);
+    item->value = value;
+    item->value_length = value_length;
+    
+  } else {
+    // insert a new item
+    item = lruc_pop_or_create_item(cache);
+    item->value = value;
+    item->key = key;
+    item->value_length = value_length;
+    item->key_length = key_length;
+    required = value_length;
+    
+    if(prev)
+      prev->next = item;
+    else
+      cache->items[hash_index] = item;
+  }
+  item->access_count = ++cache->access_count;
+  
+  // remove as many items as necessary to free enough space
+  if(required > 0 && required > cache->free_memory) {
+    while(cache->free_memory < required)
+      lruc_remove_lru_item(cache);
+  }
+  cache->free_memory -= required;
+  unlock_cache();
+  return LRUC_NO_ERROR;
+}
+
+
+lruc_error lruc_get(lruc *cache, void *key, uint32_t key_length, void **value) {
+  test_for_missing_cache();
+  test_for_missing_key();
+  lock_cache();
+  
+  // loop until we find the item, or hit the end of a chain
+  uint32_t hash_index = lruc_hash(cache, key, key_length);
+  lruc_item *item = cache->items[hash_index];
+  
+  while(item && lruc_cmp_keys(item, key, key_length))
+    item = (lruc_item *) item->next;
+  
+  if(item) {
+    *value = item->value;
+    item->access_count = ++cache->access_count;
+  } else {
+    *value = NULL;
+  }
+  
+  unlock_cache();
+  return LRUC_NO_ERROR;
+}
+
+
+lruc_error lruc_delete(lruc *cache, void *key, uint32_t key_length) {
+  test_for_missing_cache();
+  test_for_missing_key();
+  lock_cache();
+  
+  // loop until we find the item, or hit the end of a chain
+  lruc_item *item = NULL, *prev = NULL;
+  uint32_t hash_index = lruc_hash(cache, key, key_length);
+  item = cache->items[hash_index];
+  
+  while(item && lruc_cmp_keys(item, key, key_length)) {
+    prev = item;
+    item = (lruc_item *) item->next;
+  }
+  
+  if(item) {
+    lruc_remove_item(cache, prev, item, hash_index);
+  }
+  
+  unlock_cache();
+  return LRUC_NO_ERROR;
+}
diff --git a/src/lib/third_party/src/node.c b/src/lib/third_party/src/node.c
index a43cc59a6..4da04de9b 100644
--- a/src/lib/third_party/src/node.c
+++ b/src/lib/third_party/src/node.c
@@ -192,7 +192,7 @@ void node_register_matchstr (AC_NODE_t * thiz, AC_PATTERN_t * str)
 
   thiz->matched_patterns[thiz->matched_patterns_num].astring = str->astring;
   thiz->matched_patterns[thiz->matched_patterns_num].length = str->length;
-  thiz->matched_patterns[thiz->matched_patterns_num].rep = str->rep;
+  memcpy(&thiz->matched_patterns[thiz->matched_patterns_num].rep, &str->rep, sizeof(AC_REP_t));
   thiz->matched_patterns_num++;
 }
 
diff --git a/src/lib/third_party/src/sha1-fast.c b/src/lib/third_party/src/sha1-fast.c
new file mode 100644
index 000000000..3e4932147
--- /dev/null
+++ b/src/lib/third_party/src/sha1-fast.c
@@ -0,0 +1,148 @@
+/* 
+ * SHA-1 hash in C
+ * 
+ * Copyright (c) 2017 Project Nayuki. (MIT License)
+ * https://www.nayuki.io/page/fast-sha1-hash-implementation-in-x86-assembly
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ * - The above copyright notice and this permission notice shall be included in
+ *   all copies or substantial portions of the Software.
+ * - The Software is provided "as is", without warranty of any kind, express or
+ *   implied, including but not limited to the warranties of merchantability,
+ *   fitness for a particular purpose and noninfringement. In no event shall the
+ *   authors or copyright holders be liable for any claim, damages or other
+ *   liability, whether in an action of contract, tort or otherwise, arising from,
+ *   out of or in connection with the Software or the use or other dealings in the
+ *   Software.
+ */
+
+#include <stdint.h>
+
+
+void sha1_compress(uint32_t state[5], const uint8_t block[64]) {
+#define ROTL32(x, n)  (((0U + (x)) << (n)) | ((x) >> (32 - (n))))  // Assumes that x is uint32_t and 0 < n < 32
+        
+#define LOADSCHEDULE(i)					\
+  schedule[i] = (uint32_t)block[i * 4 + 0] << 24	\
+    | (uint32_t)block[i * 4 + 1] << 16			\
+    | (uint32_t)block[i * 4 + 2] <<  8			\
+    | (uint32_t)block[i * 4 + 3] <<  0;
+        
+#define SCHEDULE(i)							\
+  temp = schedule[(i - 3) & 0xF] ^ schedule[(i - 8) & 0xF] ^ schedule[(i - 14) & 0xF] ^ schedule[(i - 16) & 0xF]; \
+  schedule[i & 0xF] = ROTL32(temp, 1);
+        
+#define ROUND0a(a, b, c, d, e, i)  LOADSCHEDULE(i)  ROUNDTAIL(a, b, e, ((b & c) | (~b & d))         , i, 0x5A827999)
+#define ROUND0b(a, b, c, d, e, i)  SCHEDULE(i)      ROUNDTAIL(a, b, e, ((b & c) | (~b & d))         , i, 0x5A827999)
+#define ROUND1(a, b, c, d, e, i)   SCHEDULE(i)      ROUNDTAIL(a, b, e, (b ^ c ^ d)                  , i, 0x6ED9EBA1)
+#define ROUND2(a, b, c, d, e, i)   SCHEDULE(i)      ROUNDTAIL(a, b, e, ((b & c) ^ (b & d) ^ (c & d)), i, 0x8F1BBCDC)
+#define ROUND3(a, b, c, d, e, i)   SCHEDULE(i)      ROUNDTAIL(a, b, e, (b ^ c ^ d)                  , i, 0xCA62C1D6)
+        
+#ifndef UINT32_C
+#define UINT32_C(c)c ## U
+#endif
+
+#define ROUNDTAIL(a, b, e, f, i, k)					\
+  e = 0U + e + ROTL32(a, 5) + f + UINT32_C(k) + schedule[i & 0xF];	\
+  b = ROTL32(b, 30);
+        
+  uint32_t a = state[0];
+  uint32_t b = state[1];
+  uint32_t c = state[2];
+  uint32_t d = state[3];
+  uint32_t e = state[4];
+        
+  uint32_t schedule[16];
+  uint32_t temp;
+  ROUND0a(a, b, c, d, e,  0)
+    ROUND0a(e, a, b, c, d,  1)
+    ROUND0a(d, e, a, b, c,  2)
+    ROUND0a(c, d, e, a, b,  3)
+    ROUND0a(b, c, d, e, a,  4)
+    ROUND0a(a, b, c, d, e,  5)
+    ROUND0a(e, a, b, c, d,  6)
+    ROUND0a(d, e, a, b, c,  7)
+    ROUND0a(c, d, e, a, b,  8)
+    ROUND0a(b, c, d, e, a,  9)
+    ROUND0a(a, b, c, d, e, 10)
+    ROUND0a(e, a, b, c, d, 11)
+    ROUND0a(d, e, a, b, c, 12)
+    ROUND0a(c, d, e, a, b, 13)
+    ROUND0a(b, c, d, e, a, 14)
+    ROUND0a(a, b, c, d, e, 15)
+    ROUND0b(e, a, b, c, d, 16)
+    ROUND0b(d, e, a, b, c, 17)
+    ROUND0b(c, d, e, a, b, 18)
+    ROUND0b(b, c, d, e, a, 19)
+    ROUND1(a, b, c, d, e, 20)
+    ROUND1(e, a, b, c, d, 21)
+    ROUND1(d, e, a, b, c, 22)
+    ROUND1(c, d, e, a, b, 23)
+    ROUND1(b, c, d, e, a, 24)
+    ROUND1(a, b, c, d, e, 25)
+    ROUND1(e, a, b, c, d, 26)
+    ROUND1(d, e, a, b, c, 27)
+    ROUND1(c, d, e, a, b, 28)
+    ROUND1(b, c, d, e, a, 29)
+    ROUND1(a, b, c, d, e, 30)
+    ROUND1(e, a, b, c, d, 31)
+    ROUND1(d, e, a, b, c, 32)
+    ROUND1(c, d, e, a, b, 33)
+    ROUND1(b, c, d, e, a, 34)
+    ROUND1(a, b, c, d, e, 35)
+    ROUND1(e, a, b, c, d, 36)
+    ROUND1(d, e, a, b, c, 37)
+    ROUND1(c, d, e, a, b, 38)
+    ROUND1(b, c, d, e, a, 39)
+    ROUND2(a, b, c, d, e, 40)
+    ROUND2(e, a, b, c, d, 41)
+    ROUND2(d, e, a, b, c, 42)
+    ROUND2(c, d, e, a, b, 43)
+    ROUND2(b, c, d, e, a, 44)
+    ROUND2(a, b, c, d, e, 45)
+    ROUND2(e, a, b, c, d, 46)
+    ROUND2(d, e, a, b, c, 47)
+    ROUND2(c, d, e, a, b, 48)
+    ROUND2(b, c, d, e, a, 49)
+    ROUND2(a, b, c, d, e, 50)
+    ROUND2(e, a, b, c, d, 51)
+    ROUND2(d, e, a, b, c, 52)
+    ROUND2(c, d, e, a, b, 53)
+    ROUND2(b, c, d, e, a, 54)
+    ROUND2(a, b, c, d, e, 55)
+    ROUND2(e, a, b, c, d, 56)
+    ROUND2(d, e, a, b, c, 57)
+    ROUND2(c, d, e, a, b, 58)
+    ROUND2(b, c, d, e, a, 59)
+    ROUND3(a, b, c, d, e, 60)
+    ROUND3(e, a, b, c, d, 61)
+    ROUND3(d, e, a, b, c, 62)
+    ROUND3(c, d, e, a, b, 63)
+    ROUND3(b, c, d, e, a, 64)
+    ROUND3(a, b, c, d, e, 65)
+    ROUND3(e, a, b, c, d, 66)
+    ROUND3(d, e, a, b, c, 67)
+    ROUND3(c, d, e, a, b, 68)
+    ROUND3(b, c, d, e, a, 69)
+    ROUND3(a, b, c, d, e, 70)
+    ROUND3(e, a, b, c, d, 71)
+    ROUND3(d, e, a, b, c, 72)
+    ROUND3(c, d, e, a, b, 73)
+    ROUND3(b, c, d, e, a, 74)
+    ROUND3(a, b, c, d, e, 75)
+    ROUND3(e, a, b, c, d, 76)
+    ROUND3(d, e, a, b, c, 77)
+    ROUND3(c, d, e, a, b, 78)
+    ROUND3(b, c, d, e, a, 79)
+        
+    state[0] = 0U + state[0] + a;
+  state[1] = 0U + state[1] + b;
+  state[2] = 0U + state[2] + c;
+  state[3] = 0U + state[3] + d;
+  state[4] = 0U + state[4] + e;
+}
diff --git a/tests/do.sh b/tests/do.sh
index 7516e5997..a17878fb5 100755
--- a/tests/do.sh
+++ b/tests/do.sh
@@ -7,7 +7,10 @@ build_results() {
     for f in $PCAPS; do 
 	#echo $f
 	# create result files if not present
-	[ ! -f result/$f.out ] && $READER -q -i pcap/$f -w result/$f.out -v 1
+	if [ ! -f result/$f.out ]; then
+	    CMD="$READER -q -i pcap/$f -w result/$f.out -v 1"
+	    $CMD 
+	fi
     done
 }
 
diff --git a/tests/pcap/bitcoin.pcap b/tests/pcap/bitcoin.pcap
new file mode 100644
index 000000000..ce62ed779
--- /dev/null
+++ b/tests/pcap/bitcoin.pcap
diff --git a/tests/pcap/dropbox.pcap b/tests/pcap/dropbox.pcap
index 6e950826e..9824eb6ed 100644
--- a/tests/pcap/dropbox.pcap
+++ b/tests/pcap/dropbox.pcap
diff --git a/tests/pcap/ethereum.pcap b/tests/pcap/ethereum.pcap
new file mode 100644
index 000000000..f77637d62
--- /dev/null
+++ b/tests/pcap/ethereum.pcap
diff --git a/tests/pcap/memcached.cap b/tests/pcap/memcached.cap
new file mode 100644
index 000000000..3b4c1a425
--- /dev/null
+++ b/tests/pcap/memcached.cap
diff --git a/tests/pcap/monero.pcap b/tests/pcap/monero.pcap
new file mode 100644
index 000000000..67d796882
--- /dev/null
+++ b/tests/pcap/monero.pcap
diff --git a/tests/pcap/nest_log_sink.pcap b/tests/pcap/nest_log_sink.pcap
new file mode 100644
index 000000000..2cf286d22
--- /dev/null
+++ b/tests/pcap/nest_log_sink.pcap
diff --git a/tests/pcap/ssdp-m-search.pcap b/tests/pcap/ssdp-m-search.pcap
new file mode 100644
index 000000000..a71f32227
--- /dev/null
+++ b/tests/pcap/ssdp-m-search.pcap
diff --git a/tests/pcap/upnp.pcap b/tests/pcap/upnp.pcap
new file mode 100644
index 000000000..c1068b04a
--- /dev/null
+++ b/tests/pcap/upnp.pcap
diff --git a/tests/pcap/zcash.pcap b/tests/pcap/zcash.pcap
new file mode 100644
index 000000000..213585dbd
--- /dev/null
+++ b/tests/pcap/zcash.pcap
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out
index efbc2dba9..738340781 100644
--- a/tests/result/1kxun.pcap.out
+++ b/tests/result/1kxun.pcap.out
@@ -1,136 +1,136 @@
-Unknown	24	6428	14
+Unknown	23	6265	13
 DNS	2	378	1
-HTTP	105	36430	8
+HTTP	524	220123	9
 MDNS	1	82	1
 NTP	1	90	1
 NetBIOS	31	3589	8
 SSDP	143	36951	13
 DHCP	24	8208	5
-SMTPS	419	183693	1
 QQ	28	5216	2
 RTP	2	132	1
 SSL	105	21914	7
 DHCPV6	10	980	3
 Facebook	19	6840	2
 Google	3	176	1
-LLMNR	89	6799	47
-1kxun	433	311919	14
+GenericProtocol	433	311919	14
+LLMNR	90	6962	48
 
-	1	TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.29/HTTP.SMTPS][cat: Email][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144]
-	2	TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com]
-	3	TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com]
-	4	TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com]
-	5	TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com]
-	6	TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi]
-	7	TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com]
-	8	TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com]
-	9	TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][cat: Web][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152]
-	10	TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp]
-	11	TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp]
-	12	UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][cat: System][16 pkts/8921 bytes -> 0 pkts/0 bytes]
-	13	UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][16 pkts/8473 bytes -> 0 pkts/0 bytes]
-	14	TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes]
-	15	TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com]
-	16	UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][cat: Network][14 pkts/4788 bytes -> 0 pkts/0 bytes]
-	17	TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes]
-	18	TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1]
-	19	TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1]
-	20	TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1]
-	21	TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi]
-	22	TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1]
-	23	TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi]
-	24	TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes]
-	25	UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][14 pkts/2450 bytes -> 0 pkts/0 bytes]
-	26	TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][cat: Streaming][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com]
-	27	TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145]
-	28	UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][13 pkts/2275 bytes -> 0 pkts/0 bytes]
-	29	UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][12 pkts/2100 bytes -> 0 pkts/0 bytes]
-	30	UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][12 pkts/2100 bytes -> 0 pkts/0 bytes]
-	31	TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com]
-	32	UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][10 pkts/1750 bytes -> 0 pkts/0 bytes]
-	33	UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][9 pkts/1611 bytes -> 0 pkts/0 bytes]
-	34	UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][9 pkts/1611 bytes -> 0 pkts/0 bytes]
-	35	UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][9 pkts/1575 bytes -> 0 pkts/0 bytes]
-	36	TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][cat: Web][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170]
-	37	UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][8 pkts/1432 bytes -> 0 pkts/0 bytes]
-	38	UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][8 pkts/1400 bytes -> 0 pkts/0 bytes]
-	39	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen]
-	40	UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][cat: Network][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air]
-	41	UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][7 pkts/1253 bytes -> 0 pkts/0 bytes]
-	42	UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System][13 pkts/1196 bytes -> 0 pkts/0 bytes]
-	43	UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][cat: System][3 pkts/648 bytes -> 0 pkts/0 bytes]
-	44	UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System][6 pkts/552 bytes -> 0 pkts/0 bytes]
-	45	UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][cat: System][2 pkts/549 bytes -> 0 pkts/0 bytes]
-	46	UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network][5 pkts/490 bytes -> 0 pkts/0 bytes]
-	47	UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network][4 pkts/392 bytes -> 0 pkts/0 bytes]
-	48	UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp]
-	49	TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes]
-	50	UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
-	51	UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
-	52	UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][cat: Streaming][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com]
-	53	UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System][3 pkts/276 bytes -> 0 pkts/0 bytes]
-	54	UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][cat: Streaming][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi]
-	55	UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][cat: Chat][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com]
-	56	UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][cat: Streaming][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com]
-	57	UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][cat: Streaming][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com]
-	58	UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad]
-	59	TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes]
-	60	UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad]
-	61	UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad]
-	62	UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System][2 pkts/184 bytes -> 0 pkts/0 bytes]
-	63	UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
-	64	UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
-	65	UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
-	66	UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc]
-	67	UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw]
-	68	UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw]
-	69	TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes]
-	70	UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
-	71	UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
-	72	UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav]
-	73	UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap]
-	74	UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap]
-	75	UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c]
-	76	UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c]
-	77	UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad]
-	78	UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad]
-	79	UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
-	80	UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
-	81	UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
-	82	UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc]
-	83	UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc]
-	84	UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac]
-	85	UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw]
-	86	UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw]
-	87	UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
-	88	UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
-	89	UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
-	90	UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
-	91	UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook]
-	92	UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook]
-	93	UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
-	94	UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc]
-	95	UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc]
-	96	UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc]
-	97	UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc]
-	98	UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap]
-	99	UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap]
-	100	UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c]
-	101	UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 87/RTP][cat: VoIP][2 pkts/132 bytes -> 0 pkts/0 bytes]
-	102	TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes]
-	103	TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes]
-	104	UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network][1 pkts/98 bytes -> 0 pkts/0 bytes]
-	105	UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System][1 pkts/92 bytes -> 0 pkts/0 bytes]
-	106	UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System][1 pkts/92 bytes -> 0 pkts/0 bytes]
-	107	UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc]
-	108	UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc]
-	109	UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][cat: System][1 pkts/90 bytes -> 0 pkts/0 bytes]
-	110	UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][1 pkts/82 bytes -> 0 pkts/0 bytes]
-	111	UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc]
-	112	UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc]
-	113	UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
-	114	UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc]
-	115	UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav]
+	1	TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Web/5][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144]
+	2	TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com]
+	3	TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com]
+	4	TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com]
+	5	TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com]
+	6	TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi]
+	7	TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com]
+	8	TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com]
+	9	TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152]
+	10	TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp]
+	11	TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp]
+	12	UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes]
+	13	UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes]
+	14	TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes]
+	15	TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com]
+	16	UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes]
+	17	TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][4 pkts/2050 bytes <-> 5 pkts/2297 bytes]
+	18	TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1]
+	19	TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1]
+	20	TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1]
+	21	TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi]
+	22	TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1]
+	23	TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi]
+	24	TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][5 pkts/1006 bytes <-> 5 pkts/1487 bytes]
+	25	UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes]
+	26	TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com]
+	27	TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145]
+	28	UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes]
+	29	UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes]
+	30	UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes]
+	31	TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com]
+	32	UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes]
+	33	UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes]
+	34	UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes]
+	35	UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes]
+	36	TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170]
+	37	UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes]
+	38	UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes]
+	39	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen]
+	40	UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air]
+	41	UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes]
+	42	UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes]
+	43	UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes]
+	44	UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes]
+	45	UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes]
+	46	UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes]
+	47	UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes]
+	48	UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp]
+	49	TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes]
+	50	UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
+	51	UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
+	52	UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com]
+	53	UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes]
+	54	UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi]
+	55	UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][cat: Chat/9][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com]
+	56	UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com]
+	57	UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com]
+	58	UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad]
+	59	TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes]
+	60	UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad]
+	61	UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad]
+	62	UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes]
+	63	UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
+	64	UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
+	65	UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
+	66	UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc]
+	67	UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw]
+	68	UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw]
+	69	TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][cat: Web/5][2 pkts/110 bytes <-> 1 pkts/66 bytes]
+	70	UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
+	71	UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
+	72	UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav]
+	73	UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap]
+	74	UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap]
+	75	UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c]
+	76	UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c]
+	77	UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 154/LLMNR][cat: Network/14][1 pkts/163 bytes -> 0 pkts/0 bytes]
+	78	UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad]
+	79	UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad]
+	80	UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
+	81	UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
+	82	UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機]
+	83	UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc]
+	84	UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc]
+	85	UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac]
+	86	UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw]
+	87	UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw]
+	88	UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
+	89	UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
+	90	UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
+	91	UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc]
+	92	UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook]
+	93	UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook]
+	94	UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
+	95	UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc]
+	96	UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc]
+	97	UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc]
+	98	UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc]
+	99	UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap]
+	100	UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap]
+	101	UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c]
+	102	UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 87/RTP][cat: Media/1][2 pkts/132 bytes -> 0 pkts/0 bytes]
+	103	TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes]
+	104	TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes]
+	105	UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes]
+	106	UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes]
+	107	UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes]
+	108	UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc]
+	109	UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc]
+	110	UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes]
+	111	UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes]
+	112	UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc]
+	113	UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc]
+	114	UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc]
+	115	UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc]
+	116	UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav]
 
 
 Undetected flows:
@@ -145,6 +145,5 @@ Undetected flows:
 	9	UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes]
 	10	UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes]
 	11	UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes]
-	12	UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes]
-	13	UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes]
-	14	UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes]
+	12	UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes]
+	13	UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out
index baabfcf45..32ddda168 100644
--- a/tests/result/6in4tunnel.pcap.out
+++ b/tests/result/6in4tunnel.pcap.out
@@ -4,13 +4,13 @@ SSL	28	15397	1
 ICMPV6	48	7862	3
 Facebook	37	14726	3
 
-	1	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/SSL][cat: Web][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][client: mail.tomasu.net][server: mail.tomasu.net]
-	2	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][client: www.facebook.com][server: *.facebook.com]
-	3	ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network][23 pkts/3174 bytes <-> 23 pkts/3174 bytes]
-	4	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][cat: Web][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net]
-	5	ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][cat: Network][1 pkts/1314 bytes -> 0 pkts/0 bytes]
-	6	UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork][1 pkts/133 bytes <-> 1 pkts/273 bytes][Host: star.c10r.facebook.com]
-	7	UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork][1 pkts/133 bytes <-> 1 pkts/261 bytes][Host: star.c10r.facebook.com]
-	8	TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes]
-	9	TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][1 pkts/152 bytes <-> 1 pkts/106 bytes]
-	10	ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network][1 pkts/200 bytes -> 0 pkts/0 bytes]
+	1	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/SSL][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][client: mail.tomasu.net][server: mail.tomasu.net]
+	2	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][client: www.facebook.com][server: *.facebook.com]
+	3	ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes]
+	4	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net]
+	5	ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes]
+	6	UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/273 bytes][Host: star.c10r.facebook.com]
+	7	UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/261 bytes][Host: star.c10r.facebook.com]
+	8	TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes]
+	9	TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes]
+	10	ICMPV6 [2001:470:1f16:13f::2]:0 -> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/200 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/BGP_Cisco_hdlc_slarp.pcap.out b/tests/result/BGP_Cisco_hdlc_slarp.pcap.out
index 6b5d01385..66a5d416a 100644
--- a/tests/result/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/tests/result/BGP_Cisco_hdlc_slarp.pcap.out
@@ -1,3 +1,3 @@
 BGP	14	969	1
 
-	1	TCP 100.16.1.2:18324 <-> 100.16.1.1:179 [proto: 13/BGP][cat: Network][7 pkts/388 bytes <-> 7 pkts/581 bytes]
+	1	TCP 100.16.1.2:18324 <-> 100.16.1.1:179 [proto: 13/BGP][cat: Network/14][7 pkts/388 bytes <-> 7 pkts/581 bytes]
diff --git a/tests/result/BGP_redist.pcap.out b/tests/result/BGP_redist.pcap.out
index 9946be111..dddd85947 100644
--- a/tests/result/BGP_redist.pcap.out
+++ b/tests/result/BGP_redist.pcap.out
@@ -1,4 +1,4 @@
 BGP	2	322	2
 
-	1	TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][cat: Network][1 pkts/163 bytes -> 0 pkts/0 bytes]
-	2	TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][cat: Network][1 pkts/159 bytes -> 0 pkts/0 bytes]
+	1	TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][cat: Network/14][1 pkts/163 bytes -> 0 pkts/0 bytes]
+	2	TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][cat: Network/14][1 pkts/159 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out
index f7c45acf7..88828fa67 100644
--- a/tests/result/EAQ.pcap.out
+++ b/tests/result/EAQ.pcap.out
@@ -1,34 +1,34 @@
 Google	23	11743	2
 EAQ	174	10092	29
 
-	1	TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br]
-	2	TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com]
-	3	UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	4	UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	5	UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	6	UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	7	UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	8	UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	9	UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	10	UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	11	UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	12	UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	13	UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	14	UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	15	UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	16	UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	17	UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	18	UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	19	UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	20	UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	21	UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	22	UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	23	UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	24	UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	25	UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	26	UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	27	UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	28	UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	29	UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	30	UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
-	31	UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	1	TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br]
+	2	TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com]
+	3	UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	4	UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	5	UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	6	UDP 10.8.0.1:43979 <-> 200.194.132.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	7	UDP 10.8.0.1:48890 <-> 200.185.125.226:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	8	UDP 10.8.0.1:51569 <-> 200.194.148.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	9	UDP 10.8.0.1:52257 <-> 200.185.138.146:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	10	UDP 10.8.0.1:52726 <-> 200.194.132.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	11	UDP 10.8.0.1:34687 -> 200.194.141.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	12	UDP 10.8.0.1:37985 -> 200.194.129.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	13	UDP 10.8.0.1:39221 -> 200.194.137.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	14	UDP 10.8.0.1:41438 -> 200.194.141.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	15	UDP 10.8.0.1:47714 -> 200.194.129.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	16	UDP 10.8.0.1:48563 -> 200.194.141.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	17	UDP 10.8.0.1:48666 -> 200.194.129.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	18	UDP 10.8.0.1:53354 -> 200.194.137.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	19	UDP 10.8.0.1:56128 -> 200.194.133.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	20	UDP 10.8.0.1:59959 -> 200.194.137.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	21	UDP 10.8.0.1:33356 -> 200.194.149.66:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	22	UDP 10.8.0.1:36552 -> 200.194.136.66:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	23	UDP 10.8.0.1:36577 -> 200.194.149.68:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	24	UDP 10.8.0.1:40058 -> 200.194.134.67:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	25	UDP 10.8.0.1:43934 -> 200.194.136.68:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	26	UDP 10.8.0.1:47346 -> 200.194.134.66:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	27	UDP 10.8.0.1:50175 -> 200.194.149.67:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	28	UDP 10.8.0.1:53059 -> 200.194.133.68:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	29	UDP 10.8.0.1:57004 -> 200.194.133.67:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	30	UDP 10.8.0.1:59098 -> 200.194.134.68:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
+	31	UDP 10.8.0.1:60013 -> 200.194.136.67:6000 [proto: 190/EAQ][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out
index f07db1c29..7e35db0cc 100644
--- a/tests/result/Instagram.pcap.out
+++ b/tests/result/Instagram.pcap.out
@@ -2,41 +2,42 @@ Unknown	1	66	1
 HTTP	116	91784	6
 ICMP	5	510	1
 SSL	2	169	1
-Facebook	251	215986	5
+Facebook	101	62428	4
 Dropbox	5	725	2
+WhatsApp	150	153558	1
 Instagram	363	255094	16
 
-	1	TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][103 pkts/150456 bytes <-> 47 pkts/3102 bytes]
-	2	TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com]
-	3	TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com]
-	4	TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com]
-	5	TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com]
-	6	TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][34 pkts/5555 bytes <-> 34 pkts/40133 bytes]
-	7	TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][25 pkts/37100 bytes <-> 24 pkts/1584 bytes]
-	8	TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][14 pkts/924 bytes <-> 20 pkts/28115 bytes]
-	9	TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][16 pkts/22931 bytes <-> 9 pkts/594 bytes]
-	10	TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][client: igcdn-photos-g-a.akamaihd.net][server: a248.e.akamai.net]
-	11	TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][client: igcdn-photos-h-a.akamaihd.net][server: a248.e.akamai.net]
-	12	TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][6 pkts/4699 bytes <-> 6 pkts/1345 bytes]
-	13	TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net]
-	14	TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net]
-	15	TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 6 pkts/4118 bytes]
-	16	TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][5 pkts/1279 bytes <-> 5 pkts/4020 bytes]
-	17	TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com]
-	18	TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][client: telegraph-ash.instagram.com]
-	19	UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud][4 pkts/580 bytes -> 0 pkts/0 bytes]
-	20	ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][cat: Network][5 pkts/510 bytes -> 0 pkts/0 bytes]
-	21	UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net]
-	22	TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com]
-	23	TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com]
-	24	UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net]
-	25	UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net]
-	26	TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes]
-	27	TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes]
-	28	TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes -> 0 pkts/0 bytes]
-	29	UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][cat: Cloud][1 pkts/145 bytes -> 0 pkts/0 bytes]
-	30	TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][1 pkts/74 bytes <-> 1 pkts/66 bytes]
-	31	UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork][1 pkts/85 bytes -> 0 pkts/0 bytes][Host: photos-b.ak.instagram.com]
+	1	TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.142/HTTP.WhatsApp][cat: Chat/9][103 pkts/150456 bytes <-> 47 pkts/3102 bytes]
+	2	TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com]
+	3	TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com]
+	4	TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com]
+	5	TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com]
+	6	TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][34 pkts/5555 bytes <-> 34 pkts/40133 bytes]
+	7	TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes]
+	8	TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][cat: Web/5][14 pkts/924 bytes <-> 20 pkts/28115 bytes]
+	9	TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][cat: Web/5][16 pkts/22931 bytes <-> 9 pkts/594 bytes]
+	10	TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][client: igcdn-photos-g-a.akamaihd.net][server: a248.e.akamai.net]
+	11	TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][10 pkts/1545 bytes <-> 7 pkts/4824 bytes][client: igcdn-photos-h-a.akamaihd.net][server: a248.e.akamai.net]
+	12	TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][6 pkts/4699 bytes <-> 6 pkts/1345 bytes]
+	13	TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net]
+	14	TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][client: igcdn-photos-a-a.akamaihd.net][server: a248.e.akamai.net]
+	15	TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][5 pkts/1279 bytes <-> 6 pkts/4118 bytes]
+	16	TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][5 pkts/1279 bytes <-> 5 pkts/4020 bytes]
+	17	TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com]
+	18	TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/SSL.Instagram][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][client: telegraph-ash.instagram.com]
+	19	UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/580 bytes -> 0 pkts/0 bytes]
+	20	ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][cat: Network/14][5 pkts/510 bytes -> 0 pkts/0 bytes]
+	21	UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net]
+	22	TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com]
+	23	TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com]
+	24	UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net]
+	25	UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net]
+	26	TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes]
+	27	TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes]
+	28	TCP 192.168.0.103:58690 -> 46.33.70.159:443 [proto: 91/SSL][cat: Web/5][2 pkts/169 bytes -> 0 pkts/0 bytes]
+	29	UDP 192.168.0.106:17500 -> 192.168.0.255:17500 [proto: 121/Dropbox][cat: Cloud/13][1 pkts/145 bytes -> 0 pkts/0 bytes]
+	30	TCP 46.33.70.150:80 <-> 192.168.0.103:40855 [proto: 7/HTTP][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/66 bytes]
+	31	UDP 192.168.0.103:27124 -> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/85 bytes -> 0 pkts/0 bytes][Host: photos-b.ak.instagram.com]
 
 
 Undetected flows:
diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out
index c4cc5a154..0826675ea 100644
--- a/tests/result/KakaoTalk_chat.pcap.out
+++ b/tests/result/KakaoTalk_chat.pcap.out
@@ -1,48 +1,48 @@
 DNS	2	217	1
 HTTP	1	56	1
 ICMP	1	147	1
-SSL	29	4579	3
+SSL	23	2689	2
 Facebook	215	51809	12
 Google	16	1031	3
 HTTP_Proxy	26	3926	1
-Amazon	2	181	1
+Amazon	8	2071	2
 KakaoTalk	55	9990	15
 
-	1	TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][client: graph.facebook.com][server: *.facebook.com]
-	2	TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][client: developers.facebook.com][server: *.facebook.com]
-	3	TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][client: api.facebook.com][server: *.facebook.com]
-	4	TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][server: *.facebook.com]
-	5	TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][server: *.facebook.com]
-	6	TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][server: *.facebook.com]
-	7	TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][cat: VoIP][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][server: *.kakao.com]
-	8	TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][17 pkts/2231 bytes <-> 9 pkts/1695 bytes]
-	9	TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][9 pkts/1737 bytes <-> 9 pkts/672 bytes]
-	10	TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][cat: Web][3 pkts/290 bytes <-> 3 pkts/1600 bytes][server: *.push.samsungosp.com]
-	11	TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com]
-	12	TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com]
-	13	TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][7 pkts/392 bytes <-> 7 pkts/392 bytes]
-	14	TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][2 pkts/112 bytes <-> 3 pkts/168 bytes]
-	15	TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][2 pkts/139 bytes <-> 2 pkts/112 bytes]
-	16	UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/78 bytes <-> 1 pkts/166 bytes][Host: katalk.kakao.com]
-	17	UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork][1 pkts/85 bytes <-> 1 pkts/144 bytes][Host: developers.facebook.com]
-	18	UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork][1 pkts/80 bytes <-> 1 pkts/138 bytes][Host: graph.facebook.com]
-	19	UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/87 bytes <-> 1 pkts/130 bytes][Host: 2.97.252.173.in-addr.arpa]
-	20	UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/79 bytes <-> 1 pkts/136 bytes][Host: ac-talk.kakao.com]
-	21	UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/84 bytes <-> 1 pkts/130 bytes][Host: booking.loco.kakao.com]
-	22	UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/82 bytes <-> 1 pkts/126 bytes][Host: up-gp.talk.kakao.com]
-	23	UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com]
-	24	UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com]
-	25	UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-m.talk.kakao.com]
-	26	UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com]
-	27	UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com]
-	28	UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com]
-	29	UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com]
-	30	UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork][1 pkts/78 bytes <-> 1 pkts/118 bytes][Host: api.facebook.com]
-	31	UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com]
-	32	UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com]
-	33	TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes -> 0 pkts/0 bytes]
-	34	UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP][1 pkts/81 bytes <-> 1 pkts/97 bytes][Host: dn-l.talk.kakao.com]
-	35	TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes]
-	36	ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][cat: Network][1 pkts/147 bytes -> 0 pkts/0 bytes]
-	37	TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes]
-	38	TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][1 pkts/56 bytes -> 0 pkts/0 bytes]
+	1	TCP 10.24.82.188:43581 <-> 31.13.68.70:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][17 pkts/3461 bytes <-> 17 pkts/6194 bytes][client: graph.facebook.com][server: *.facebook.com]
+	2	TCP 10.24.82.188:45211 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][14 pkts/2575 bytes <-> 15 pkts/6502 bytes][client: developers.facebook.com][server: *.facebook.com]
+	3	TCP 10.24.82.188:45209 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][10 pkts/2584 bytes <-> 9 pkts/5123 bytes][client: api.facebook.com][server: *.facebook.com]
+	4	TCP 10.24.82.188:35503 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][20 pkts/2849 bytes <-> 18 pkts/4742 bytes][server: *.facebook.com]
+	5	TCP 10.24.82.188:45213 <-> 31.13.68.84:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][15 pkts/2508 bytes <-> 13 pkts/5053 bytes][server: *.facebook.com]
+	6	TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][server: *.facebook.com]
+	7	TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/SSL.KakaoTalk][cat: VoIP/10][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][server: *.kakao.com]
+	8	TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes]
+	9	TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes]
+	10	TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/SSL.Amazon][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][server: *.push.samsungosp.com]
+	11	TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com]
+	12	TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com]
+	13	TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes]
+	14	TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/SSL][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes]
+	15	TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][2 pkts/139 bytes <-> 2 pkts/112 bytes]
+	16	UDP 10.24.82.188:57816 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/78 bytes <-> 1 pkts/166 bytes][Host: katalk.kakao.com]
+	17	UDP 10.24.82.188:4017 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/85 bytes <-> 1 pkts/144 bytes][Host: developers.facebook.com]
+	18	UDP 10.24.82.188:19582 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/80 bytes <-> 1 pkts/138 bytes][Host: graph.facebook.com]
+	19	UDP 10.24.82.188:14650 <-> 10.188.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/87 bytes <-> 1 pkts/130 bytes][Host: 2.97.252.173.in-addr.arpa]
+	20	UDP 10.24.82.188:35603 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/79 bytes <-> 1 pkts/136 bytes][Host: ac-talk.kakao.com]
+	21	UDP 10.24.82.188:41909 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/84 bytes <-> 1 pkts/130 bytes][Host: booking.loco.kakao.com]
+	22	UDP 10.24.82.188:25117 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/126 bytes][Host: up-gp.talk.kakao.com]
+	23	UDP 10.24.82.188:5929 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-p.talk.kakao.com]
+	24	UDP 10.24.82.188:9094 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-v.talk.kakao.com]
+	25	UDP 10.24.82.188:12908 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-m.talk.kakao.com]
+	26	UDP 10.24.82.188:29029 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-a.talk.kakao.com]
+	27	UDP 10.24.82.188:56820 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/124 bytes][Host: up-c.talk.kakao.com]
+	28	UDP 10.24.82.188:61011 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com]
+	29	UDP 10.24.82.188:61011 <-> 10.188.191.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/119 bytes][Host: plus-talk.kakao.com]
+	30	UDP 10.24.82.188:24596 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/118 bytes][Host: api.facebook.com]
+	31	UDP 10.24.82.188:38448 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: auth.kakao.com]
+	32	UDP 10.24.82.188:58810 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/76 bytes <-> 1 pkts/114 bytes][Host: item.kakao.com]
+	33	TCP 10.24.82.188:58927 -> 54.255.253.199:5223 [proto: 64.178/SSL_No_Cert.Amazon][cat: Web/5][2 pkts/181 bytes -> 0 pkts/0 bytes]
+	34	UDP 10.24.82.188:43077 <-> 10.188.1.1:53 [proto: 5.193/DNS.KakaoTalk][cat: VoIP/10][1 pkts/81 bytes <-> 1 pkts/97 bytes][Host: dn-l.talk.kakao.com]
+	35	TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes]
+	36	ICMP 10.24.82.188:0 -> 10.188.191.1:0 [proto: 81/ICMP][cat: Network/14][1 pkts/147 bytes -> 0 pkts/0 bytes]
+	37	TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes]
+	38	TCP 120.28.26.242:80 -> 10.24.82.188:34503 [proto: 7/HTTP][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out
index e09fb3eb6..ec5e97620 100644
--- a/tests/result/KakaoTalk_talk.pcap.out
+++ b/tests/result/KakaoTalk_talk.pcap.out
@@ -1,32 +1,32 @@
 HTTP	5	280	1
 QQ	15	1727	1
-SSL_No_Cert	74	14132	2
+SSL_No_Cert	45	10108	1
 RTP	2991	398751	2
 SSL	5	1198	1
-Facebook	5	377	3
+Facebook	34	4401	4
 Google	4	359	4
 HTTP_Proxy	16	1838	2
 Tor	40	10538	1
 Amazon	4	396	1
 KakaoTalk_Voice	44	6196	2
 
-	1	UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][cat: VoIP][757 pkts/106335 bytes <-> 746 pkts/93906 bytes]
-	2	UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][cat: VoIP][746 pkts/93906 bytes <-> 742 pkts/104604 bytes]
-	3	TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][cat: VPN][22 pkts/5326 bytes <-> 18 pkts/5212 bytes]
-	4	TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][cat: Web][23 pkts/4380 bytes <-> 22 pkts/5728 bytes]
-	5	TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64/SSL_No_Cert][cat: Web][15 pkts/2932 bytes <-> 14 pkts/1092 bytes]
-	6	UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP][12 pkts/1692 bytes <-> 10 pkts/1420 bytes]
-	7	UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP][11 pkts/1542 bytes <-> 11 pkts/1542 bytes]
-	8	TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com]
-	9	TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][6 pkts/543 bytes <-> 5 pkts/945 bytes]
-	10	TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][3 pkts/1044 bytes <-> 2 pkts/154 bytes]
-	11	TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][2 pkts/225 bytes <-> 2 pkts/171 bytes]
-	12	TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes -> 0 pkts/0 bytes]
-	13	TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][3 pkts/168 bytes <-> 2 pkts/112 bytes]
-	14	UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork][1 pkts/79 bytes <-> 1 pkts/118 bytes][Host: mqtt.facebook.com]
-	15	TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes]
-	16	TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes -> 0 pkts/0 bytes]
-	17	TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][1 pkts/83 bytes -> 0 pkts/0 bytes]
-	18	TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes]
-	19	TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes]
-	20	TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes -> 0 pkts/0 bytes]
+	1	UDP 10.24.82.188:11320 <-> 1.201.1.174:23044 [proto: 87/RTP][cat: Media/1][757 pkts/106335 bytes <-> 746 pkts/93906 bytes]
+	2	UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][cat: Media/1][746 pkts/93906 bytes <-> 742 pkts/104604 bytes]
+	3	TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][cat: VPN/2][22 pkts/5326 bytes <-> 18 pkts/5212 bytes]
+	4	TCP 10.24.82.188:32968 <-> 110.76.143.50:8080 [proto: 64/SSL_No_Cert][cat: Web/5][23 pkts/4380 bytes <-> 22 pkts/5728 bytes]
+	5	TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 64.119/SSL_No_Cert.Facebook][cat: SocialNetwork/6][15 pkts/2932 bytes <-> 14 pkts/1092 bytes]
+	6	UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes]
+	7	UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes]
+	8	TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com]
+	9	TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][6 pkts/543 bytes <-> 5 pkts/945 bytes]
+	10	TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes]
+	11	TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][cat: Web/5][2 pkts/225 bytes <-> 2 pkts/171 bytes]
+	12	TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][cat: Web/5][5 pkts/350 bytes -> 0 pkts/0 bytes]
+	13	TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][cat: Web/5][3 pkts/168 bytes <-> 2 pkts/112 bytes]
+	14	UDP 10.24.82.188:25223 <-> 10.188.1.1:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/79 bytes <-> 1 pkts/118 bytes][Host: mqtt.facebook.com]
+	15	TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/164 bytes -> 0 pkts/0 bytes]
+	16	TCP 173.252.88.128:443 -> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][2 pkts/124 bytes -> 0 pkts/0 bytes]
+	17	TCP 10.24.82.188:49217 -> 216.58.220.174:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/83 bytes -> 0 pkts/0 bytes]
+	18	TCP 173.194.117.229:443 -> 10.24.82.188:38380 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes]
+	19	TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][1 pkts/56 bytes -> 0 pkts/0 bytes]
+	20	TCP 216.58.220.161:443 -> 10.24.82.188:56697 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/56 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/NTPv2.pcap.out b/tests/result/NTPv2.pcap.out
index f66ce1f43..a6038a738 100644
--- a/tests/result/NTPv2.pcap.out
+++ b/tests/result/NTPv2.pcap.out
@@ -1,3 +1,3 @@
 NTP	1	410	1
 
-	1	UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][cat: System][1 pkts/410 bytes -> 0 pkts/0 bytes]
+	1	UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][cat: System/18][1 pkts/410 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/NTPv3.pcap.out b/tests/result/NTPv3.pcap.out
index bb8c1a32e..c0ef68243 100644
--- a/tests/result/NTPv3.pcap.out
+++ b/tests/result/NTPv3.pcap.out
@@ -1,3 +1,3 @@
 NTP	1	90	1
 
-	1	UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][cat: System][1 pkts/90 bytes -> 0 pkts/0 bytes]
+	1	UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/NTPv4.pcap.out b/tests/result/NTPv4.pcap.out
index 43609d774..606c4787d 100644
--- a/tests/result/NTPv4.pcap.out
+++ b/tests/result/NTPv4.pcap.out
@@ -1,3 +1,3 @@
 NTP	1	90	1
 
-	1	UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][cat: System][1 pkts/90 bytes -> 0 pkts/0 bytes]
+	1	UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out
index e7166d465..18053c887 100644
--- a/tests/result/Oscar.pcap.out
+++ b/tests/result/Oscar.pcap.out
@@ -1,3 +1,3 @@
 Oscar	71	9386	1
 
-	1	TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 69/Oscar][cat: Chat][38 pkts/3580 bytes <-> 33 pkts/5806 bytes]
+	1	TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 69/Oscar][cat: Chat/9][38 pkts/3580 bytes <-> 33 pkts/5806 bytes]
diff --git a/tests/result/ajp.pcap.out b/tests/result/ajp.pcap.out
index ceac25731..dcb4fa500 100644
--- a/tests/result/ajp.pcap.out
+++ b/tests/result/ajp.pcap.out
@@ -1,8 +1,8 @@
 Unknown	6	2200	2
 AJP	26	4446	2
 
-	1	TCP 172.29.9.146:38856 <-> 172.29.9.147:8009 [VLAN: 7][proto: 139/AJP][cat: Web][7 pkts/1554 bytes <-> 6 pkts/669 bytes]
-	2	TCP 172.29.9.146:38856 <-> 172.29.9.147:8010 [VLAN: 7][proto: 139/AJP][cat: Web][7 pkts/1554 bytes <-> 6 pkts/669 bytes]
+	1	TCP 172.29.9.146:38856 <-> 172.29.9.147:8009 [VLAN: 7][proto: 139/AJP][cat: Web/5][7 pkts/1554 bytes <-> 6 pkts/669 bytes]
+	2	TCP 172.29.9.146:38856 <-> 172.29.9.147:8010 [VLAN: 7][proto: 139/AJP][cat: Web/5][7 pkts/1554 bytes <-> 6 pkts/669 bytes]
 
 
 Undetected flows:
diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out
index 21aaa55e7..ac54b0e25 100644
--- a/tests/result/amqp.pcap.out
+++ b/tests/result/amqp.pcap.out
@@ -1,5 +1,5 @@
 AMQP	160	23514	3
 
-	1	TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][cat: RPC][54 pkts/10859 bytes <-> 54 pkts/3564 bytes]
-	2	TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][cat: RPC][13 pkts/4327 bytes <-> 9 pkts/699 bytes]
-	3	TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][cat: RPC][15 pkts/3075 bytes <-> 15 pkts/990 bytes]
+	1	TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][cat: RPC/16][54 pkts/10859 bytes <-> 54 pkts/3564 bytes]
+	2	TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][cat: RPC/16][13 pkts/4327 bytes <-> 9 pkts/699 bytes]
+	3	TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][cat: RPC/16][15 pkts/3075 bytes <-> 15 pkts/990 bytes]
diff --git a/tests/result/bitcoin.pcap.out b/tests/result/bitcoin.pcap.out
new file mode 100644
index 000000000..3b0e89dd0
--- /dev/null
+++ b/tests/result/bitcoin.pcap.out
@@ -0,0 +1,8 @@
+Mining	637	581074	6
+
+	1	TCP 192.168.1.142:55328 <-> 69.118.54.122:8333 [proto: 42/Mining][cat: Mining/99][2 pkts/281 bytes <-> 137 pkts/191029 bytes]
+	2	TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 42/Mining][cat: Mining/99][55 pkts/28663 bytes <-> 117 pkts/134830 bytes]
+	3	TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 42/Mining][cat: Mining/99][65 pkts/45271 bytes <-> 96 pkts/70339 bytes]
+	4	TCP 192.168.1.142:55400 <-> 195.218.16.178:8333 [proto: 42/Mining][cat: Mining/99][47 pkts/26824 bytes <-> 72 pkts/55927 bytes]
+	5	TCP 192.168.1.142:55317 <-> 188.165.213.169:8333 [proto: 42/Mining][cat: Mining/99][16 pkts/21673 bytes <-> 3 pkts/1771 bytes]
+	6	TCP 192.168.1.142:55487 <-> 184.58.165.119:8333 [proto: 42/Mining][cat: Mining/99][24 pkts/3082 bytes <-> 3 pkts/1384 bytes]
diff --git a/tests/result/bittorrent.pcap.out b/tests/result/bittorrent.pcap.out
index a4c055bc7..b549e5eab 100644
--- a/tests/result/bittorrent.pcap.out
+++ b/tests/result/bittorrent.pcap.out
@@ -1,26 +1,26 @@
 BitTorrent	299	305728	24
 
-	1	TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	2	TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][4 pkts/583 bytes <-> 4 pkts/975 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	3	TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][4 pkts/640 bytes <-> 3 pkts/910 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	4	TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][2 pkts/583 bytes <-> 2 pkts/818 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	5	TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/582 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	6	TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/510 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	7	TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/410 bytes <-> 3 pkts/851 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	8	TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/455 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	9	TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/442 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	10	TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/440 bytes <-> 2 pkts/772 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	11	TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	12	TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	13	TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/430 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	14	TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/409 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	15	TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][1 pkts/134 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	16	TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][1 pkts/134 bytes <-> 1 pkts/624 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	17	TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][2 pkts/349 bytes <-> 2 pkts/265 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	18	TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][3 pkts/455 bytes <-> 1 pkts/157 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	19	TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	20	TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	21	TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	22	TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	23	TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
-	24	TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	1	TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	2	TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][4 pkts/583 bytes <-> 4 pkts/975 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	3	TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	4	TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][2 pkts/583 bytes <-> 2 pkts/818 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	5	TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/582 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	6	TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/510 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	7	TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/410 bytes <-> 3 pkts/851 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	8	TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/455 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	9	TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/442 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	10	TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/440 bytes <-> 2 pkts/772 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	11	TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	12	TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	13	TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/430 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	14	TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/409 bytes <-> 2 pkts/771 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	15	TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][1 pkts/134 bytes <-> 2 pkts/796 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	16	TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][1 pkts/134 bytes <-> 1 pkts/624 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	17	TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][2 pkts/349 bytes <-> 2 pkts/265 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	18	TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][3 pkts/455 bytes <-> 1 pkts/157 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	19	TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	20	TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	21	TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	22	TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	23	TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
+	24	TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][1 pkts/134 bytes -> 0 pkts/0 bytes][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126]
diff --git a/tests/result/bittorrent_ip.pcap.out b/tests/result/bittorrent_ip.pcap.out
index 5a08d2dee..5594deec3 100644
--- a/tests/result/bittorrent_ip.pcap.out
+++ b/tests/result/bittorrent_ip.pcap.out
@@ -1,4 +1,4 @@
 BitTorrent	479	508018	2
 
-	1	TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][305 pkts/461770 bytes <-> 126 pkts/8316 bytes]
-	2	TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][25 pkts/36414 bytes <-> 23 pkts/1518 bytes]
+	1	TCP 77.222.174.20:2866 <-> 10.0.0.14:46610 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][305 pkts/461770 bytes <-> 126 pkts/8316 bytes]
+	2	TCP 185.56.20.36:53646 <-> 10.0.0.14:35030 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][25 pkts/36414 bytes <-> 23 pkts/1518 bytes]
diff --git a/tests/result/bittorrent_utp.pcap.out b/tests/result/bittorrent_utp.pcap.out
index 7ac4aab03..ece7be47f 100644
--- a/tests/result/bittorrent_utp.pcap.out
+++ b/tests/result/bittorrent_utp.pcap.out
@@ -1,3 +1,3 @@
 BitTorrent	86	41489	1
 
-	1	UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][47 pkts/36653 bytes <-> 39 pkts/4836 bytes]
+	1	UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][47 pkts/36653 bytes <-> 39 pkts/4836 bytes]
diff --git a/tests/result/bt_search.pcap.out b/tests/result/bt_search.pcap.out
index b9223217a..36c5b049e 100644
--- a/tests/result/bt_search.pcap.out
+++ b/tests/result/bt_search.pcap.out
@@ -1,3 +1,3 @@
 BitTorrent	2	322	1
 
-	1	UDP 192.168.0.102:6771 -> 239.192.152.143:6771 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing][2 pkts/322 bytes -> 0 pkts/0 bytes]
+	1	UDP 192.168.0.102:6771 -> 239.192.152.143:6771 [proto: 37/BitTorrent][cat: Download-FileTransfer-FileSharing/7][2 pkts/322 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/check_mk_new.pcap.out b/tests/result/check_mk_new.pcap.out
index 8c0e21557..631a236c2 100644
--- a/tests/result/check_mk_new.pcap.out
+++ b/tests/result/check_mk_new.pcap.out
@@ -1,3 +1,3 @@
 CHECKMK	98	20242	1
 
-	1	TCP 192.168.100.22:58998 <-> 192.168.100.50:6556 [proto: 138/CHECKMK][cat: DataTransfer][49 pkts/3242 bytes <-> 49 pkts/17000 bytes]
+	1	TCP 192.168.100.22:58998 <-> 192.168.100.50:6556 [proto: 138/CHECKMK][cat: DataTransfer/4][49 pkts/3242 bytes <-> 49 pkts/17000 bytes]
diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out
index d57d6e77a..4b780fee0 100644
--- a/tests/result/coap_mqtt.pcap.out
+++ b/tests/result/coap_mqtt.pcap.out
@@ -2,19 +2,19 @@ COAP	19	1614	8
 Dropbox	800	80676	4
 MQTT	7695	668291	4
 
-	1	TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][cat: RPC][924 pkts/77180 bytes <-> 1004 pkts/90329 bytes]
-	2	TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][cat: RPC][918 pkts/76692 bytes <-> 1008 pkts/90434 bytes]
-	3	TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][cat: RPC][921 pkts/76872 bytes <-> 1001 pkts/90056 bytes]
-	4	TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][cat: RPC][1005 pkts/90274 bytes <-> 914 pkts/76454 bytes]
-	5	UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes]
-	6	UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes]
-	7	UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes]
-	8	UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes]
-	9	UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC][3 pkts/262 bytes <-> 3 pkts/205 bytes]
-	10	UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC][2 pkts/147 bytes <-> 2 pkts/257 bytes]
-	11	UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC][2 pkts/158 bytes <-> 2 pkts/151 bytes]
-	12	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC][1 pkts/90 bytes -> 0 pkts/0 bytes]
-	13	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC][1 pkts/86 bytes -> 0 pkts/0 bytes]
-	14	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC][1 pkts/86 bytes -> 0 pkts/0 bytes]
-	15	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC][1 pkts/86 bytes -> 0 pkts/0 bytes]
-	16	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC][1 pkts/86 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][cat: RPC/16][924 pkts/77180 bytes <-> 1004 pkts/90329 bytes]
+	2	TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][cat: RPC/16][918 pkts/76692 bytes <-> 1008 pkts/90434 bytes]
+	3	TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][cat: RPC/16][921 pkts/76872 bytes <-> 1001 pkts/90056 bytes]
+	4	TCP 192.168.56.101:17501 <-> 192.168.56.1:53524 [proto: 222/MQTT][cat: RPC/16][1005 pkts/90274 bytes <-> 914 pkts/76454 bytes]
+	5	UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes]
+	6	UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes]
+	7	UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes]
+	8	UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes]
+	9	UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC/16][3 pkts/262 bytes <-> 3 pkts/205 bytes]
+	10	UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC/16][2 pkts/147 bytes <-> 2 pkts/257 bytes]
+	11	UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][cat: RPC/16][2 pkts/158 bytes <-> 2 pkts/151 bytes]
+	12	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61047 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC/16][1 pkts/90 bytes -> 0 pkts/0 bytes]
+	13	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61043 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC/16][1 pkts/86 bytes -> 0 pkts/0 bytes]
+	14	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61044 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC/16][1 pkts/86 bytes -> 0 pkts/0 bytes]
+	15	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61045 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC/16][1 pkts/86 bytes -> 0 pkts/0 bytes]
+	16	UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:61046 -> [2001:620:8:35d9::10]:5683 [proto: 27/COAP][cat: RPC/16][1 pkts/86 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/diameter.pcap.out b/tests/result/diameter.pcap.out
index 9a43af0ef..50b5651ab 100644
--- a/tests/result/diameter.pcap.out
+++ b/tests/result/diameter.pcap.out
@@ -1,3 +1,3 @@
 Diameter	6	1980	1
 
-	1	TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][3 pkts/1174 bytes <-> 3 pkts/806 bytes]
+	1	TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][cat: Web/5][3 pkts/1174 bytes <-> 3 pkts/806 bytes]
diff --git a/tests/result/dnscrypt.pcap.out b/tests/result/dnscrypt.pcap.out
index b70c1f23e..9ab60cc4e 100644
--- a/tests/result/dnscrypt.pcap.out
+++ b/tests/result/dnscrypt.pcap.out
@@ -1,6 +1,6 @@
 DNScrypt	111	44676	4
 
-	1	TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][cat: Network][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][client: simplednscrypt.org]
-	2	TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][cat: Network][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][client: simplednscrypt.org]
-	3	TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][cat: Network][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org]
-	4	TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][cat: Network][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org]
+	1	TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][cat: Network/14][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][client: simplednscrypt.org]
+	2	TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][cat: Network/14][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][client: simplednscrypt.org]
+	3	TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org]
+	4	TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/SSL.DNScrypt][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][client: simplednscrypt.org]
diff --git a/tests/result/drda_db2.pcap.out b/tests/result/drda_db2.pcap.out
index e8525a243..37d94f77e 100644
--- a/tests/result/drda_db2.pcap.out
+++ b/tests/result/drda_db2.pcap.out
@@ -1,3 +1,3 @@
 DRDA	38	6691	1
 
-	1	TCP 192.168.106.1:4847 <-> 192.168.106.128:50000 [proto: 227/DRDA][cat: Database][20 pkts/3169 bytes <-> 18 pkts/3522 bytes]
+	1	TCP 192.168.106.1:4847 <-> 192.168.106.128:50000 [proto: 227/DRDA][cat: Database/11][20 pkts/3169 bytes <-> 18 pkts/3522 bytes]
diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out
index ae71381ed..a015f4d46 100644
--- a/tests/result/dropbox.pcap.out
+++ b/tests/result/dropbox.pcap.out
@@ -1,43 +1,17 @@
-MDNS	16	1648	1
-SSDP	140	61108	22
-Dropbox	1104	246122	16
+Dropbox	848	90532	15
 
-	1	TCP 192.168.1.105:44949 <-> 54.240.174.31:443 [proto: 91.121/SSL.Dropbox][cat: Cloud][64 pkts/12228 bytes <-> 74 pkts/85074 bytes][client: client-cf.dropbox.com][server: client-cf.dropbox.com]
-	2	TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][cat: Cloud][28 pkts/12486 bytes <-> 26 pkts/14946 bytes][client: d.dropbox.com]
-	3	UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13960 bytes <-> 100 pkts/6260 bytes]
-	4	UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13947 bytes <-> 100 pkts/6247 bytes]
-	5	UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13921 bytes <-> 100 pkts/6221 bytes]
-	6	UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][100 pkts/13910 bytes <-> 100 pkts/6210 bytes]
-	7	UDP 192.168.1.254:50828 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][44 pkts/19936 bytes -> 0 pkts/0 bytes]
-	8	TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][cat: Cloud][18 pkts/3562 bytes <-> 16 pkts/14464 bytes][client: client.dropbox.com][server: *.dropbox.com]
-	9	TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][cat: Cloud][12 pkts/2338 bytes <-> 10 pkts/9054 bytes][client: notify.dropbox.com][server: *.dropbox.com]
-	10	TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][cat: Cloud][10 pkts/2170 bytes <-> 10 pkts/1758 bytes][Host: log.getdropbox.com]
-	11	UDP 192.168.1.101:1650 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	12	UDP 192.168.1.101:2141 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	13	UDP 192.168.1.101:2873 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	14	UDP 192.168.1.101:3412 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	15	UDP 192.168.1.101:3547 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	16	UDP 192.168.1.101:3959 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	17	UDP 192.168.1.101:4169 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	18	UDP 192.168.1.101:4171 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	19	UDP 192.168.1.101:4625 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	20	UDP 192.168.1.101:4974 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/2836 bytes -> 0 pkts/0 bytes]
-	21	UDP 192.168.1.106:57268 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][16 pkts/2632 bytes -> 0 pkts/0 bytes]
-	22	UDP 192.168.1.106:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][16 pkts/1648 bytes -> 0 pkts/0 bytes]
-	23	UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud][6 pkts/1422 bytes -> 0 pkts/0 bytes]
-	24	UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud][6 pkts/1422 bytes -> 0 pkts/0 bytes]
-	25	UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com]
-	26	UDP 192.168.1.101:1280 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	27	UDP 192.168.1.101:1346 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	28	UDP 192.168.1.101:1908 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	29	UDP 192.168.1.101:2159 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	30	UDP 192.168.1.101:2169 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	31	UDP 192.168.1.101:2544 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	32	UDP 192.168.1.101:2604 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	33	UDP 192.168.1.101:2991 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	34	UDP 192.168.1.101:3731 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	35	UDP 192.168.1.101:3777 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/1018 bytes -> 0 pkts/0 bytes]
-	36	UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com]
-	37	UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com]
-	38	UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud][2 pkts/162 bytes <-> 2 pkts/612 bytes][Host: client-cf.dropbox.com]
-	39	UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud][2 pkts/156 bytes <-> 2 pkts/588 bytes][Host: notify.dropbox.com]
+	1	UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes]
+	2	UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes]
+	3	UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes]
+	4	UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][cat: Cloud/13][100 pkts/13910 bytes <-> 100 pkts/6210 bytes]
+	5	UDP 192.168.1.105:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes]
+	6	UDP 192.168.1.105:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/1422 bytes -> 0 pkts/0 bytes]
+	7	UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][4 pkts/312 bytes <-> 4 pkts/1078 bytes][Host: log.getdropbox.com]
+	8	UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/666 bytes][Host: client.dropbox.com]
+	9	UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/146 bytes <-> 2 pkts/646 bytes][Host: d.dropbox.com]
+	10	UDP 192.168.1.105:49112 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/162 bytes <-> 2 pkts/612 bytes][Host: client-cf.dropbox.com]
+	11	UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][cat: Cloud/13][2 pkts/156 bytes <-> 2 pkts/588 bytes][Host: notify.dropbox.com]
+	12	UDP 192.168.1.6:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/630 bytes -> 0 pkts/0 bytes]
+	13	UDP 192.168.1.6:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/630 bytes -> 0 pkts/0 bytes]
+	14	UDP 192.168.1.64:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/615 bytes -> 0 pkts/0 bytes]
+	15	UDP 192.168.1.64:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/615 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/ethereum.pcap.out b/tests/result/ethereum.pcap.out
new file mode 100644
index 000000000..2afe0fad1
--- /dev/null
+++ b/tests/result/ethereum.pcap.out
@@ -0,0 +1,4 @@
+Mining	819	134165	2
+
+	1	TCP 192.168.2.92:57726 <-> 94.23.36.128:4444 [proto: 42/Mining][cat: Mining/99][478 pkts/52883 bytes <-> 308 pkts/76667 bytes]
+	2	TCP 192.168.2.92:41680 <-> 91.121.222.33:4444 [proto: 42/Mining][cat: Mining/99][20 pkts/2159 bytes <-> 13 pkts/2456 bytes]
diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out
index 8e22a431b..b34851e55 100644
--- a/tests/result/facebook.pcap.out
+++ b/tests/result/facebook.pcap.out
@@ -1,4 +1,4 @@
 Facebook	60	30511	2
 
-	1	TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][client: www.facebook.com]
-	2	TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][client: facebook.com][server: *.facebook.com]
+	1	TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][client: www.facebook.com]
+	2	TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][client: facebook.com][server: *.facebook.com]
diff --git a/tests/result/fix.pcap.out b/tests/result/fix.pcap.out
index e8eae565a..1e2e57896 100644
--- a/tests/result/fix.pcap.out
+++ b/tests/result/fix.pcap.out
@@ -1,14 +1,14 @@
 FIX	1261	115514	12
 
-	1	TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][cat: RPC][228 pkts/26333 bytes <-> 228 pkts/13920 bytes]
-	2	TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][cat: RPC][201 pkts/21246 bytes <-> 200 pkts/13460 bytes]
-	3	TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][cat: RPC][111 pkts/16881 bytes <-> 111 pkts/7680 bytes]
-	4	TCP 208.245.107.3:4000 <-> 192.168.0.20:45584 [proto: 230/FIX][cat: RPC][35 pkts/3022 bytes <-> 35 pkts/2342 bytes]
-	5	TCP 8.17.22.31:4000 <-> 192.168.0.20:40918 [proto: 230/FIX][cat: RPC][18 pkts/1938 bytes <-> 18 pkts/1358 bytes]
-	6	TCP 208.245.107.3:4000 <-> 192.168.0.20:38652 [proto: 230/FIX][cat: RPC][9 pkts/961 bytes <-> 9 pkts/700 bytes]
-	7	TCP 8.17.22.31:4000 <-> 192.168.0.20:47952 [proto: 230/FIX][cat: RPC][5 pkts/577 bytes <-> 5 pkts/484 bytes]
-	8	TCP 8.17.22.31:4000 <-> 192.168.0.20:47962 [proto: 230/FIX][cat: RPC][6 pkts/513 bytes <-> 4 pkts/522 bytes]
-	9	TCP 208.245.107.3:4000 <-> 192.168.0.20:39094 [proto: 230/FIX][cat: RPC][6 pkts/456 bytes <-> 5 pkts/551 bytes]
-	10	TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][cat: RPC][6 pkts/456 bytes <-> 5 pkts/551 bytes]
-	11	TCP 208.245.107.3:4000 <-> 192.168.0.20:38646 [proto: 230/FIX][cat: RPC][6 pkts/441 bytes <-> 4 pkts/477 bytes]
-	12	TCP 8.17.22.31:4000 <-> 192.168.0.20:40928 [proto: 230/FIX][cat: RPC][4 pkts/342 bytes <-> 2 pkts/303 bytes]
+	1	TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][cat: RPC/16][228 pkts/26333 bytes <-> 228 pkts/13920 bytes]
+	2	TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][cat: RPC/16][201 pkts/21246 bytes <-> 200 pkts/13460 bytes]
+	3	TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][cat: RPC/16][111 pkts/16881 bytes <-> 111 pkts/7680 bytes]
+	4	TCP 208.245.107.3:4000 <-> 192.168.0.20:45584 [proto: 230/FIX][cat: RPC/16][35 pkts/3022 bytes <-> 35 pkts/2342 bytes]
+	5	TCP 8.17.22.31:4000 <-> 192.168.0.20:40918 [proto: 230/FIX][cat: RPC/16][18 pkts/1938 bytes <-> 18 pkts/1358 bytes]
+	6	TCP 208.245.107.3:4000 <-> 192.168.0.20:38652 [proto: 230/FIX][cat: RPC/16][9 pkts/961 bytes <-> 9 pkts/700 bytes]
+	7	TCP 8.17.22.31:4000 <-> 192.168.0.20:47952 [proto: 230/FIX][cat: RPC/16][5 pkts/577 bytes <-> 5 pkts/484 bytes]
+	8	TCP 8.17.22.31:4000 <-> 192.168.0.20:47962 [proto: 230/FIX][cat: RPC/16][6 pkts/513 bytes <-> 4 pkts/522 bytes]
+	9	TCP 208.245.107.3:4000 <-> 192.168.0.20:39094 [proto: 230/FIX][cat: RPC/16][6 pkts/456 bytes <-> 5 pkts/551 bytes]
+	10	TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][cat: RPC/16][6 pkts/456 bytes <-> 5 pkts/551 bytes]
+	11	TCP 208.245.107.3:4000 <-> 192.168.0.20:38646 [proto: 230/FIX][cat: RPC/16][6 pkts/441 bytes <-> 4 pkts/477 bytes]
+	12	TCP 8.17.22.31:4000 <-> 192.168.0.20:40928 [proto: 230/FIX][cat: RPC/16][4 pkts/342 bytes <-> 2 pkts/303 bytes]
diff --git a/tests/result/git.pcap.out b/tests/result/git.pcap.out
index 392823a47..e1415d97a 100644
--- a/tests/result/git.pcap.out
+++ b/tests/result/git.pcap.out
@@ -1,3 +1,3 @@
 Git	90	74005	1
 
-	1	TCP 192.168.0.77:47991 <-> 5.153.231.21:9418 [proto: 226/Git][cat: Collaborative][41 pkts/3319 bytes <-> 49 pkts/70686 bytes]
+	1	TCP 192.168.0.77:47991 <-> 5.153.231.21:9418 [proto: 226/Git][cat: Collaborative/15][41 pkts/3319 bytes <-> 49 pkts/70686 bytes]
diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out
index d0049d632..0a4e91ba8 100644
--- a/tests/result/google_ssl.pcap.out
+++ b/tests/result/google_ssl.pcap.out
@@ -1,3 +1,3 @@
 Google	28	9108	1
 
-	1	TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/SSL.Google][cat: Web][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][server: www.google.com]
+	1	TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/SSL.Google][cat: Web/5][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][server: www.google.com]
diff --git a/tests/result/hangout.pcap.out b/tests/result/hangout.pcap.out
index ce689988f..323e41d36 100644
--- a/tests/result/hangout.pcap.out
+++ b/tests/result/hangout.pcap.out
@@ -1,3 +1,3 @@
 GoogleHangout	19	2774	1
 
-	1	UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangout][cat: Chat][19 pkts/2774 bytes -> 0 pkts/0 bytes]
+	1	UDP 74.125.134.127:19305 -> 10.89.61.13:56406 [proto: 201/GoogleHangout][cat: Chat/9][19 pkts/2774 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out
index b53de1bde..c9de9cedb 100644
--- a/tests/result/http_ipv6.pcap.out
+++ b/tests/result/http_ipv6.pcap.out
@@ -4,18 +4,18 @@ Facebook	22	10202	2
 Google	62	15977	1
 QUIC	3	502	1
 
-	1	UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][cat: Web][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it]
-	2	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org]
-	3	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org]
-	4	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org]
-	5	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org]
-	6	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net]
-	7	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net]
-	8	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes]
-	9	UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][cat: Web][2 pkts/359 bytes <-> 1 pkts/143 bytes]
-	10	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes]
-	11	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes]
-	12	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes]
-	13	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes]
-	14	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes]
-	15	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes]
+	1	UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][cat: Web/5][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it]
+	2	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network/14][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org]
+	3	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network/14][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org]
+	4	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network/14][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org]
+	5	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/SSL.ntop][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org]
+	6	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net]
+	7	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net]
+	8	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][cat: Web/5][7 pkts/860 bytes <-> 7 pkts/1353 bytes]
+	9	UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][cat: Web/5][2 pkts/359 bytes <-> 1 pkts/143 bytes]
+	10	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes]
+	11	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes]
+	12	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes]
+	13	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes]
+	14	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes]
+	15	TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes]
diff --git a/tests/result/monero.pcap.out b/tests/result/monero.pcap.out
new file mode 100644
index 000000000..d37beae60
--- /dev/null
+++ b/tests/result/monero.pcap.out
@@ -0,0 +1,4 @@
+Mining	319	166676	2
+
+	1	TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes]
+	2	TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][cat: Mining/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes]
diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out
index 3740ee42d..1d888d254 100644
--- a/tests/result/mpeg.pcap.out
+++ b/tests/result/mpeg.pcap.out
@@ -1,3 +1,3 @@
 ntop	19	10643	1
 
-	1	TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][cat: Network][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org]
+	1	TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][cat: Network/14][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org]
diff --git a/tests/result/mpegts.pcap.out b/tests/result/mpegts.pcap.out
index b85c1f63e..cda24f643 100644
--- a/tests/result/mpegts.pcap.out
+++ b/tests/result/mpegts.pcap.out
@@ -1,3 +1,3 @@
 MPEG_TS	1	1362	1
 
-	1	UDP 10.1.16.48:40737 -> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][cat: Media][1 pkts/1362 bytes -> 0 pkts/0 bytes]
+	1	UDP 10.1.16.48:40737 -> 230.200.201.23:1234 [VLAN: 3359][proto: 198/MPEG_TS][cat: Media/1][1 pkts/1362 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/msnms.pcap.out b/tests/result/msnms.pcap.out
index 397b397d8..bb3fc91e1 100644
--- a/tests/result/msnms.pcap.out
+++ b/tests/result/msnms.pcap.out
@@ -1,8 +1,8 @@
 MSN	364	56503	6
 
-	1	TCP 192.168.1.14:1208 <-> 207.46.108.83:1863 [proto: 68/MSN][cat: Web][43 pkts/7166 bytes <-> 48 pkts/9557 bytes]
-	2	TCP 192.168.1.14:1221 <-> 207.46.108.59:1863 [proto: 68/MSN][cat: Web][43 pkts/7062 bytes <-> 40 pkts/7349 bytes]
-	3	TCP 192.168.1.14:1217 <-> 207.46.108.41:1863 [proto: 68/MSN][cat: Web][46 pkts/7655 bytes <-> 19 pkts/3761 bytes]
-	4	TCP 192.168.1.14:1037 <-> 207.46.107.149:1863 [proto: 68/MSN][cat: Web][41 pkts/2425 bytes <-> 55 pkts/6426 bytes]
-	5	TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][cat: Web][2 pkts/163 bytes <-> 14 pkts/2737 bytes]
-	6	TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][cat: Web][13 pkts/2202 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.1.14:1208 <-> 207.46.108.83:1863 [proto: 68/MSN][cat: Web/5][43 pkts/7166 bytes <-> 48 pkts/9557 bytes]
+	2	TCP 192.168.1.14:1221 <-> 207.46.108.59:1863 [proto: 68/MSN][cat: Web/5][43 pkts/7062 bytes <-> 40 pkts/7349 bytes]
+	3	TCP 192.168.1.14:1217 <-> 207.46.108.41:1863 [proto: 68/MSN][cat: Web/5][46 pkts/7655 bytes <-> 19 pkts/3761 bytes]
+	4	TCP 192.168.1.14:1037 <-> 207.46.107.149:1863 [proto: 68/MSN][cat: Web/5][41 pkts/2425 bytes <-> 55 pkts/6426 bytes]
+	5	TCP 192.168.1.14:1220 <-> 207.46.108.150:1863 [proto: 68/MSN][cat: Web/5][2 pkts/163 bytes <-> 14 pkts/2737 bytes]
+	6	TCP 192.168.1.14:1176 -> 207.46.108.39:1863 [proto: 68/MSN][cat: Web/5][13 pkts/2202 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/mssql_tds.pcap.out b/tests/result/mssql_tds.pcap.out
index 908ddcef5..b24080ac7 100644
--- a/tests/result/mssql_tds.pcap.out
+++ b/tests/result/mssql_tds.pcap.out
@@ -1,14 +1,14 @@
 MsSQL-TDS	38	16260	12
 
-	1	TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][7 pkts/8717 bytes -> 0 pkts/0 bytes]
-	2	TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][10 pkts/1552 bytes <-> 7 pkts/1521 bytes]
-	3	TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][2 pkts/614 bytes <-> 2 pkts/524 bytes]
-	4	TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/1136 bytes -> 0 pkts/0 bytes]
-	5	TCP 10.111.111.111:7777 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/425 bytes -> 0 pkts/0 bytes]
-	6	TCP 10.111.111.111:33333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/374 bytes -> 0 pkts/0 bytes]
-	7	TCP 10.111.111.111:22222 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/322 bytes -> 0 pkts/0 bytes]
-	8	TCP 10.111.111.111:9999 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/272 bytes -> 0 pkts/0 bytes]
-	9	TCP 10.111.111.111:11111 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/253 bytes -> 0 pkts/0 bytes]
-	10	TCP 10.111.111.111:3333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/239 bytes -> 0 pkts/0 bytes]
-	11	TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/98 bytes <-> 1 pkts/71 bytes]
-	12	TCP 10.111.111.111:8888 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database][1 pkts/142 bytes -> 0 pkts/0 bytes]
+	1	TCP 10.111.111.111:6666 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][7 pkts/8717 bytes -> 0 pkts/0 bytes]
+	2	TCP 10.111.111.111:5555 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][10 pkts/1552 bytes <-> 7 pkts/1521 bytes]
+	3	TCP 10.111.111.111:1111 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][2 pkts/614 bytes <-> 2 pkts/524 bytes]
+	4	TCP 10.111.111.111:4444 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/1136 bytes -> 0 pkts/0 bytes]
+	5	TCP 10.111.111.111:7777 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/425 bytes -> 0 pkts/0 bytes]
+	6	TCP 10.111.111.111:33333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/374 bytes -> 0 pkts/0 bytes]
+	7	TCP 10.111.111.111:22222 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/322 bytes -> 0 pkts/0 bytes]
+	8	TCP 10.111.111.111:9999 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/272 bytes -> 0 pkts/0 bytes]
+	9	TCP 10.111.111.111:11111 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/253 bytes -> 0 pkts/0 bytes]
+	10	TCP 10.111.111.111:3333 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/239 bytes -> 0 pkts/0 bytes]
+	11	TCP 10.111.111.111:2222 <-> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/98 bytes <-> 1 pkts/71 bytes]
+	12	TCP 10.111.111.111:8888 -> 10.0.0.1:1433 [proto: 114/MsSQL-TDS][cat: Database/11][1 pkts/142 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out
index 05739b694..41ad6e3f9 100644
--- a/tests/result/netflix.pcap.out
+++ b/tests/result/netflix.pcap.out
@@ -4,64 +4,64 @@ IGMP	1	60	1
 NetFlix	6976	6151821	56
 Amazon	2	126	1
 
-	1	TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141]
-	2	TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140]
-	3	TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133]
-	4	TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com]
-	5	TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][client: art-s.nflximg.net][server: secure.cdn.nflximg.net]
-	6	TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141]
-	7	TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net]
-	8	TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][client: api-global.netflix.com][server: api.netflix.com]
-	9	TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
-	10	TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][24 pkts/2040 bytes <-> 34 pkts/45136 bytes]
-	11	TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][21 pkts/1868 bytes <-> 34 pkts/45139 bytes]
-	12	TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net]
-	13	TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][21 pkts/1826 bytes <-> 32 pkts/43179 bytes]
-	14	TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][client: api-global.netflix.com][server: api.netflix.com]
-	15	TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net]
-	16	TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][31 pkts/2596 bytes <-> 29 pkts/37544 bytes]
-	17	TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net]
-	18	TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com]
-	19	TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][33 pkts/2732 bytes <-> 25 pkts/30064 bytes]
-	20	TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][24 pkts/2041 bytes <-> 25 pkts/30064 bytes]
-	21	TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][31 pkts/2571 bytes <-> 22 pkts/28042 bytes]
-	22	TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][client: api-global.netflix.com][server: api.netflix.com]
-	23	TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][32 pkts/2572 bytes <-> 23 pkts/26661 bytes]
-	24	TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][36 pkts/3030 bytes <-> 21 pkts/25455 bytes]
-	25	TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][34 pkts/2864 bytes <-> 21 pkts/25456 bytes]
-	26	TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][30 pkts/2553 bytes <-> 22 pkts/25510 bytes]
-	27	TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com]
-	28	TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][client: api-global.netflix.com]
-	29	TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][35 pkts/2920 bytes <-> 19 pkts/22428 bytes]
-	30	TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][34 pkts/2879 bytes <-> 20 pkts/22373 bytes]
-	31	TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][30 pkts/2610 bytes <-> 20 pkts/22422 bytes]
-	32	TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
-	33	TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com]
-	34	TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
-	35	TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][client: api-global.netflix.com][server: api.netflix.com]
-	36	TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net]
-	37	TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com]
-	38	TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com]
-	39	TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
-	40	TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
-	41	TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com]
-	42	TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
-	43	TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][client: api-global.netflix.com]
-	44	TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][client: api-global.netflix.com][server: api.netflix.com]
-	45	TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][client: api-global.netflix.com]
-	46	TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][cat: Streaming][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][client: api-global.netflix.com]
-	47	UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][16 pkts/2648 bytes -> 0 pkts/0 bytes]
-	48	UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com]
-	49	UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com]
-	50	UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][1 pkts/80 bytes <-> 1 pkts/371 bytes][Host: ios.nccp.netflix.com]
-	51	UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][1 pkts/83 bytes <-> 1 pkts/248 bytes][Host: ichnaea.geo.netflix.com]
-	52	UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com]
-	53	UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com]
-	54	UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][1 pkts/96 bytes <-> 1 pkts/224 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com]
-	55	UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][1 pkts/79 bytes <-> 1 pkts/192 bytes][Host: appboot.netflix.com]
-	56	UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][1 pkts/84 bytes <-> 1 pkts/148 bytes][Host: artwork.akam.nflximg.net]
-	57	UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming][1 pkts/85 bytes <-> 1 pkts/137 bytes][Host: sha2.san.akam.nflximg.net]
-	58	UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/81 bytes <-> 1 pkts/113 bytes][Host: a1907.dscg.akamai.net]
-	59	UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/80 bytes <-> 1 pkts/112 bytes][Host: a803.dscg.akamai.net]
-	60	TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes -> 0 pkts/0 bytes]
-	61	IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][cat: Network][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141]
+	2	TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140]
+	3	TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133]
+	4	TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com]
+	5	TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][client: art-s.nflximg.net][server: secure.cdn.nflximg.net]
+	6	TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141]
+	7	TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net]
+	8	TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][client: api-global.netflix.com][server: api.netflix.com]
+	9	TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
+	10	TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][24 pkts/2040 bytes <-> 34 pkts/45136 bytes]
+	11	TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][21 pkts/1868 bytes <-> 34 pkts/45139 bytes]
+	12	TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net]
+	13	TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][21 pkts/1826 bytes <-> 32 pkts/43179 bytes]
+	14	TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][client: api-global.netflix.com][server: api.netflix.com]
+	15	TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net]
+	16	TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][31 pkts/2596 bytes <-> 29 pkts/37544 bytes]
+	17	TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net]
+	18	TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com]
+	19	TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][33 pkts/2732 bytes <-> 25 pkts/30064 bytes]
+	20	TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][24 pkts/2041 bytes <-> 25 pkts/30064 bytes]
+	21	TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][31 pkts/2571 bytes <-> 22 pkts/28042 bytes]
+	22	TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][client: api-global.netflix.com][server: api.netflix.com]
+	23	TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][32 pkts/2572 bytes <-> 23 pkts/26661 bytes]
+	24	TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][36 pkts/3030 bytes <-> 21 pkts/25455 bytes]
+	25	TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][34 pkts/2864 bytes <-> 21 pkts/25456 bytes]
+	26	TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][30 pkts/2553 bytes <-> 22 pkts/25510 bytes]
+	27	TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com]
+	28	TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][client: api-global.netflix.com]
+	29	TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][35 pkts/2920 bytes <-> 19 pkts/22428 bytes]
+	30	TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][34 pkts/2879 bytes <-> 20 pkts/22373 bytes]
+	31	TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][30 pkts/2610 bytes <-> 20 pkts/22422 bytes]
+	32	TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
+	33	TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com]
+	34	TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
+	35	TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][client: api-global.netflix.com][server: api.netflix.com]
+	36	TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Streaming/17][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net]
+	37	TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com]
+	38	TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com]
+	39	TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
+	40	TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
+	41	TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][client: ichnaea.netflix.com][server: customerevents.netflix.com]
+	42	TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][client: ios.nccp.netflix.com][server: *.nccp.netflix.com]
+	43	TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][client: api-global.netflix.com]
+	44	TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][client: api-global.netflix.com][server: api.netflix.com]
+	45	TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][client: api-global.netflix.com]
+	46	TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][cat: Streaming/17][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][client: api-global.netflix.com]
+	47	UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes]
+	48	UDP 192.168.1.7:51543 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com]
+	49	UDP 192.168.1.7:51622 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][2 pkts/160 bytes <-> 2 pkts/646 bytes][Host: ios.nccp.netflix.com]
+	50	UDP 192.168.1.7:52347 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/80 bytes <-> 1 pkts/371 bytes][Host: ios.nccp.netflix.com]
+	51	UDP 192.168.1.7:60962 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/83 bytes <-> 1 pkts/248 bytes][Host: ichnaea.geo.netflix.com]
+	52	UDP 192.168.1.7:51949 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com]
+	53	UDP 192.168.1.7:52095 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/97 bytes <-> 1 pkts/225 bytes][Host: api-global.latency.prodaa.netflix.com]
+	54	UDP 192.168.1.7:52116 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/96 bytes <-> 1 pkts/224 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com]
+	55	UDP 192.168.1.7:58102 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/79 bytes <-> 1 pkts/192 bytes][Host: appboot.netflix.com]
+	56	UDP 192.168.1.7:59180 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/84 bytes <-> 1 pkts/148 bytes][Host: artwork.akam.nflximg.net]
+	57	UDP 192.168.1.7:57719 <-> 192.168.1.1:53 [proto: 5.133/DNS.NetFlix][cat: Streaming/17][1 pkts/85 bytes <-> 1 pkts/137 bytes][Host: sha2.san.akam.nflximg.net]
+	58	UDP 192.168.1.7:57093 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/113 bytes][Host: a1907.dscg.akamai.net]
+	59	UDP 192.168.1.7:51728 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/112 bytes][Host: a803.dscg.akamai.net]
+	60	TCP 192.168.1.7:52929 -> 52.24.87.6:443 [proto: 91.178/SSL.Amazon][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes]
+	61	IGMP 192.168.1.7:0 -> 239.255.255.250:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out
index 4db2cd6cb..6535e7cc5 100644
--- a/tests/result/nintendo.pcap.out
+++ b/tests/result/nintendo.pcap.out
@@ -2,24 +2,24 @@ ICMP	30	2100	2
 Nintendo	890	320242	12
 Amazon	76	10811	7
 
-	1	UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][cat: Game][169 pkts/61414 bytes <-> 278 pkts/126260 bytes]
-	2	UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game][122 pkts/48332 bytes <-> 35 pkts/5026 bytes]
-	3	UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][cat: Game][122 pkts/46476 bytes <-> 38 pkts/5268 bytes]
-	4	TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes]
-	5	TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][cat: Game][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5
][server: *.baas.nintendo.com]
-	6	TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][cat: Game][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5
][server: *.baas.nintendo.com]
-	7	UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][cat: Game][23 pkts/2682 bytes <-> 16 pkts/3408 bytes]
-	8	UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][cat: Game][8 pkts/1024 bytes <-> 8 pkts/1024 bytes]
-	9	UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][cat: Game][8 pkts/1040 bytes <-> 7 pkts/922 bytes]
-	10	ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network][21 pkts/1470 bytes -> 0 pkts/0 bytes]
-	11	UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net]
-	12	UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes]
-	13	ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network][9 pkts/630 bytes -> 0 pkts/0 bytes]
-	14	UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes]
-	15	UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
-	16	UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
-	17	UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][cat: Game][3 pkts/354 bytes -> 0 pkts/0 bytes]
-	18	UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes]
-	19	UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes]
-	20	UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes]
-	21	TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes]
+	1	UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][cat: Game/8][169 pkts/61414 bytes <-> 278 pkts/126260 bytes]
+	2	UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game/8][122 pkts/48332 bytes <-> 35 pkts/5026 bytes]
+	3	UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][cat: Game/8][122 pkts/46476 bytes <-> 38 pkts/5268 bytes]
+	4	TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][cat: Web/5][34 pkts/4466 bytes <-> 20 pkts/4021 bytes]
+	5	TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][server: *.baas.nintendo.com]
+	6	TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][server: *.baas.nintendo.com]
+	7	UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][cat: Game/8][23 pkts/2682 bytes <-> 16 pkts/3408 bytes]
+	8	UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][cat: Game/8][8 pkts/1024 bytes <-> 8 pkts/1024 bytes]
+	9	UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes]
+	10	ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][21 pkts/1470 bytes -> 0 pkts/0 bytes]
+	11	UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net]
+	12	UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/730 bytes -> 0 pkts/0 bytes]
+	13	ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][cat: Network/14][9 pkts/630 bytes -> 0 pkts/0 bytes]
+	14	UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes <-> 5 pkts/290 bytes]
+	15	UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
+	16	UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][cat: Game/8][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
+	17	UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes]
+	18	UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][cat: Web/5][3 pkts/318 bytes -> 0 pkts/0 bytes]
+	19	UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][cat: Web/5][1 pkts/298 bytes -> 0 pkts/0 bytes]
+	20	UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][cat: Web/5][5 pkts/290 bytes -> 0 pkts/0 bytes]
+	21	TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/54 bytes]
diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out
index c9e692b90..51d926ee3 100644
--- a/tests/result/ocs.pcap.out
+++ b/tests/result/ocs.pcap.out
@@ -1,31 +1,30 @@
 Unknown	6	360	1
-DNS	3	214	3
 HTTP	13	1019	2
-SSL	20	2715	1
-Google	27	3176	3
+Google	30	3390	6
+Amazon	20	2715	1
 OCS	863	57552	7
 PlayStore	1	72	1
 GoogleServices	13	2277	2
 
-	1	TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws]
-	2	TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][cat: Media][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws]
-	3	TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr]
-	4	TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com]
-	5	TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/SSL.GoogleServices][cat: Web][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com]
-	6	TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes]
-	7	TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes]
-	8	TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws]
-	9	TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com]
-	10	TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com]
-	11	TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][2 pkts/120 bytes -> 0 pkts/0 bytes]
-	12	UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][cat: Network][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com]
-	13	UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com]
-	14	UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5/DNS][cat: Network][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com]
-	15	UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][cat: Network][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com]
-	16	UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][cat: Web][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com]
-	17	UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws]
-	18	UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws]
-	19	UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media][1 pkts/56 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr]
+	1	TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws]
+	2	TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/SSL.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][client: ocs.labgency.ws]
+	3	TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr]
+	4	TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.178/SSL.Amazon][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com]
+	5	TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/SSL.GoogleServices][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][client: mtalk.google.com]
+	6	TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes]
+	7	TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes]
+	8	TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws]
+	9	TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com]
+	10	TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com]
+	11	TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes]
+	12	UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com]
+	13	UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com]
+	14	UDP 192.168.180.2:40097 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: settings.crashlytics.com]
+	15	UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com]
+	16	UDP 192.168.180.2:11793 -> 8.8.8.8:53 [proto: 5.239/DNS.GoogleServices][cat: Web/5][1 pkts/65 bytes -> 0 pkts/0 bytes][Host: play.googleapis.com]
+	17	UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws]
+	18	UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws]
+	19	UDP 192.168.180.2:24245 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][cat: Media/1][1 pkts/56 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr]
 
 
 Undetected flows:
diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out
index d89b6c4f2..8cd7bf73d 100644
--- a/tests/result/ookla.pcap.out
+++ b/tests/result/ookla.pcap.out
@@ -1,5 +1,5 @@
 HTTP	5066	4685425	1
 Ookla	20	4320	1
 
-	1	TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 7/HTTP][cat: Web][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes]
-	2	TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][cat: Network][12 pkts/2238 bytes <-> 8 pkts/2082 bytes]
+	1	TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 7/HTTP][cat: Web/5][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes]
+	2	TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][cat: Network/14][12 pkts/2238 bytes <-> 8 pkts/2082 bytes]
diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out
index dedd72082..4acffeaba 100644
--- a/tests/result/openvpn.pcap.out
+++ b/tests/result/openvpn.pcap.out
@@ -1,5 +1,5 @@
 OpenVPN	298	57111	3
 
-	1	UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][cat: VPN][62 pkts/11508 bytes <-> 58 pkts/16664 bytes]
-	2	TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][cat: VPN][44 pkts/7514 bytes <-> 51 pkts/7866 bytes]
-	3	UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][cat: VPN][49 pkts/7860 bytes <-> 34 pkts/5699 bytes]
+	1	UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][cat: VPN/2][62 pkts/11508 bytes <-> 58 pkts/16664 bytes]
+	2	TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][cat: VPN/2][44 pkts/7514 bytes <-> 51 pkts/7866 bytes]
+	3	UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][cat: VPN/2][49 pkts/7860 bytes <-> 34 pkts/5699 bytes]
diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out
index 284677a92..778aa1197 100644
--- a/tests/result/pps.pcap.out
+++ b/tests/result/pps.pcap.out
@@ -1,84 +1,83 @@
 Unknown	990	378832	34
-HTTP	20	7716	10
-SSDP	62	17013	9
-HTTP_Download	23	25892	1
+HTTP	47	42014	11
+SSDP	63	17143	10
+HTTP_Download	26	27222	2
 Google	2	1093	1
-UPnP	1	130	1
-iQIYI	1459	1815935	51
+GenericProtocol	1429	1780307	49
 
-	1	TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com]
-	2	TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com]
-	3	TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com]
-	4	TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66]
-	5	TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com]
-	6	UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][18 pkts/9327 bytes -> 0 pkts/0 bytes]
-	7	TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com]
-	8	TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am]
-	9	TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web][4 pkts/2953 bytes <-> 1 pkts/356 bytes]
-	10	TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com]
-	11	TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com]
-	12	TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am]
-	13	TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	14	TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com]
-	15	TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com]
-	16	TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
-	17	UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][9 pkts/1575 bytes -> 0 pkts/0 bytes]
-	18	UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][9 pkts/1539 bytes -> 0 pkts/0 bytes]
-	19	TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com]
-	20	TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com]
-	21	TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
-	22	TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66]
-	23	TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com]
-	24	TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com]
-	25	TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
-	26	TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com]
-	27	TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	28	TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	29	TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	30	TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	31	TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	32	TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	33	TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com]
-	34	TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	35	TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com]
-	36	UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/1074 bytes -> 0 pkts/0 bytes]
-	37	UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/1050 bytes -> 0 pkts/0 bytes]
-	38	UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][6 pkts/1050 bytes -> 0 pkts/0 bytes]
-	39	TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am]
-	40	TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com]
-	41	TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com]
-	42	TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	43	UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][5 pkts/875 bytes -> 0 pkts/0 bytes]
-	44	TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com]
-	45	TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	46	TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	47	TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	48	TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	49	TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	50	TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com]
-	51	TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com]
-	52	TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com]
-	53	TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com]
-	54	TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com]
-	55	TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com]
-	56	TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am]
-	57	TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com]
-	58	TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com]
-	59	TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com]
-	60	TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
-	61	TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com]
-	62	TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
-	63	TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
-	64	TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com]
-	65	TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web][2 pkts/398 bytes -> 0 pkts/0 bytes]
-	66	UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/358 bytes -> 0 pkts/0 bytes]
-	67	TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web][1 pkts/347 bytes -> 0 pkts/0 bytes]
-	68	TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.206/HTTP.iQIYI][cat: Streaming][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com]
-	69	TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web][1 pkts/199 bytes -> 0 pkts/0 bytes]
-	70	UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][1 pkts/165 bytes -> 0 pkts/0 bytes]
-	71	UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 153/UPnP][1 pkts/130 bytes -> 0 pkts/0 bytes]
-	72	TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes -> 0 pkts/0 bytes]
-	73	TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com]
+	2	TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com]
+	3	TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com]
+	4	TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66]
+	5	TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com]
+	6	UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes]
+	7	TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com]
+	8	TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am]
+	9	TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes]
+	10	TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com]
+	11	TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com]
+	12	TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am]
+	13	TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	14	TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com]
+	15	TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com]
+	16	TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
+	17	UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes]
+	18	UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes]
+	19	TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com]
+	20	TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com]
+	21	TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
+	22	TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66]
+	23	TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com]
+	24	TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com]
+	25	TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
+	26	TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com]
+	27	TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	28	TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	29	TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	30	TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	31	TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	32	TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	33	TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com]
+	34	TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	35	TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com]
+	36	UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes]
+	37	UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes]
+	38	UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes]
+	39	TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am]
+	40	TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com]
+	41	TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com]
+	42	TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	43	UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes]
+	44	TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com]
+	45	TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	46	TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	47	TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	48	TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	49	TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	50	TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com]
+	51	TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com]
+	52	TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com]
+	53	TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com]
+	54	TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com]
+	55	TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com]
+	56	TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am]
+	57	TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com]
+	58	TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com]
+	59	TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com]
+	60	TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
+	61	TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com]
+	62	TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am]
+	63	TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com]
+	64	TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com]
+	65	TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes]
+	66	UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes]
+	67	TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes]
+	68	TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com]
+	69	TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes]
+	70	UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes]
+	71	UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes]
+	72	TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes]
+	73	TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes]
 
 
 Undetected flows:
diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out
index 16b9d39e4..e1f4aa97f 100644
--- a/tests/result/quic.pcap.out
+++ b/tests/result/quic.pcap.out
@@ -1,18 +1,17 @@
 Unknown	6	7072	1
 GMail	413	254874	1
 YouTube	85	76193	5
-Google	11	10063	2
-QUIC	3	364	1
+Google	14	10427	3
 
-	1	UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][cat: Email][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Host: mail.google.com]
-	2	UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][cat: Media][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Host: www.youtube.com]
-	3	UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][cat: Media][4 pkts/3682 bytes <-> 3 pkts/2863 bytes][Host: www.youtube.com]
-	4	UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][cat: Web][3 pkts/2866 bytes <-> 3 pkts/2863 bytes][Host: fonts.gstatic.com]
-	5	UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][cat: Media][2 pkts/2784 bytes <-> 2 pkts/2784 bytes][Host: s.ytimg.com]
-	6	UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][cat: Web][3 pkts/1550 bytes <-> 2 pkts/2784 bytes][Host: www.google.com]
-	7	UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][cat: Media][2 pkts/1471 bytes <-> 1 pkts/1392 bytes][Host: i.ytimg.com]
-	8	UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][cat: Media][1 pkts/1392 bytes <-> 1 pkts/1392 bytes][Host: yt3.ggpht.com]
-	9	UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][cat: Web][2 pkts/241 bytes <-> 1 pkts/123 bytes]
+	1	UDP 192.168.1.109:57833 <-> 216.58.212.101:443 [proto: 188.122/QUIC.GMail][cat: Email/3][161 pkts/23930 bytes <-> 252 pkts/230944 bytes][Host: mail.google.com]
+	2	UDP 192.168.1.109:35236 <-> 216.58.210.206:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][25 pkts/5276 bytes <-> 44 pkts/53157 bytes][Host: www.youtube.com]
+	3	UDP 192.168.1.105:34438 <-> 216.58.210.238:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][4 pkts/3682 bytes <-> 3 pkts/2863 bytes][Host: www.youtube.com]
+	4	UDP 192.168.1.105:40030 <-> 216.58.201.227:443 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/2866 bytes <-> 3 pkts/2863 bytes][Host: fonts.gstatic.com]
+	5	UDP 192.168.1.105:55934 <-> 216.58.201.238:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][2 pkts/2784 bytes <-> 2 pkts/2784 bytes][Host: s.ytimg.com]
+	6	UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/1550 bytes <-> 2 pkts/2784 bytes][Host: www.google.com]
+	7	UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][2 pkts/1471 bytes <-> 1 pkts/1392 bytes][Host: i.ytimg.com]
+	8	UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][1 pkts/1392 bytes <-> 1 pkts/1392 bytes][Host: yt3.ggpht.com]
+	9	UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188.126/QUIC.Google][cat: Web/5][2 pkts/241 bytes <-> 1 pkts/123 bytes]
 
 
 Undetected flows:
diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out
index de6981ec6..c510958eb 100644
--- a/tests/result/quickplay.pcap.out
+++ b/tests/result/quickplay.pcap.out
@@ -1,27 +1,27 @@
 QQ	12	4781	5
 Facebook	6	1740	3
 Google	2	378	1
+GenericProtocol	133	96179	11
 Amazon	2	1469	1
-QuickPlay	133	96179	11
 
-	1	TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com]
-	2	TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com]
-	3	TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com]
-	4	TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com]
-	5	TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com]
-	6	TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com]
-	7	TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com]
-	8	TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com]
-	9	TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com]
-	10	TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com]
-	11	TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][cat: Web][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com]
-	12	TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com]
-	13	TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com]
-	14	TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com]
-	15	TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com]
-	16	TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com]
-	17	TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com]
-	18	TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com]
-	19	TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com]
-	20	TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][cat: Streaming][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com]
-	21	TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][cat: Web][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com]
+	1	TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com]
+	2	TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com]
+	3	TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com]
+	4	TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com]
+	5	TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com]
+	6	TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com]
+	7	TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com]
+	8	TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com]
+	9	TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com]
+	10	TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com]
+	11	TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com]
+	12	TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com]
+	13	TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com]
+	14	TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com]
+	15	TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com]
+	16	TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com]
+	17	TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com]
+	18	TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com]
+	19	TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com]
+	20	TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com]
+	21	TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com]
diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out
index f450ff1b0..c95dfd3e5 100644
--- a/tests/result/rx.pcap.out
+++ b/tests/result/rx.pcap.out
@@ -1,7 +1,7 @@
 RX	132	26475	5
 
-	1	UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][cat: RPC][48 pkts/6808 bytes <-> 31 pkts/5568 bytes]
-	2	UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][cat: RPC][18 pkts/1833 bytes <-> 9 pkts/8086 bytes]
-	3	UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][cat: RPC][10 pkts/2085 bytes <-> 10 pkts/1057 bytes]
-	4	UDP 131.114.219.168:38331 <-> 192.167.206.124:7002 [proto: 223/RX][cat: RPC][2 pkts/441 bytes <-> 1 pkts/78 bytes]
-	5	UDP 131.114.219.168:41559 <-> 192.167.206.124:7002 [proto: 223/RX][cat: RPC][2 pkts/441 bytes <-> 1 pkts/78 bytes]
+	1	UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][cat: RPC/16][48 pkts/6808 bytes <-> 31 pkts/5568 bytes]
+	2	UDP 131.114.219.168:7001 <-> 192.167.206.124:7003 [proto: 223/RX][cat: RPC/16][18 pkts/1833 bytes <-> 9 pkts/8086 bytes]
+	3	UDP 131.114.219.168:7001 <-> 192.167.206.124:7000 [proto: 223/RX][cat: RPC/16][10 pkts/2085 bytes <-> 10 pkts/1057 bytes]
+	4	UDP 131.114.219.168:38331 <-> 192.167.206.124:7002 [proto: 223/RX][cat: RPC/16][2 pkts/441 bytes <-> 1 pkts/78 bytes]
+	5	UDP 131.114.219.168:41559 <-> 192.167.206.124:7002 [proto: 223/RX][cat: RPC/16][2 pkts/441 bytes <-> 1 pkts/78 bytes]
diff --git a/tests/result/sip.pcap.out b/tests/result/sip.pcap.out
index f921667ff..16cb570ac 100644
--- a/tests/result/sip.pcap.out
+++ b/tests/result/sip.pcap.out
@@ -2,7 +2,7 @@ RTP	9	1926	1
 SIP	102	47087	2
 RTCP	1	146	1
 
-	1	UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][cat: VoIP][53 pkts/21940 bytes <-> 31 pkts/15635 bytes]
-	2	UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][cat: VoIP][15 pkts/7568 bytes <-> 3 pkts/1944 bytes]
-	3	UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][cat: VoIP][9 pkts/1926 bytes -> 0 pkts/0 bytes]
-	4	UDP 192.168.1.2:30001 -> 212.242.33.36:40393 [proto: 165/RTCP][cat: VoIP][1 pkts/146 bytes -> 0 pkts/0 bytes]
+	1	UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][cat: VoIP/10][53 pkts/21940 bytes <-> 31 pkts/15635 bytes]
+	2	UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][cat: VoIP/10][15 pkts/7568 bytes <-> 3 pkts/1944 bytes]
+	3	UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][cat: Media/1][9 pkts/1926 bytes -> 0 pkts/0 bytes]
+	4	UDP 192.168.1.2:30001 -> 212.242.33.36:40393 [proto: 165/RTCP][cat: VoIP/10][1 pkts/146 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/skype-conference-call.pcap.out b/tests/result/skype-conference-call.pcap.out
index 49349613a..fd6dde8c4 100644
--- a/tests/result/skype-conference-call.pcap.out
+++ b/tests/result/skype-conference-call.pcap.out
@@ -1,3 +1,3 @@
-SkypeCallOut	200	39687	1
+SkypeCall	200	39687	1
 
-	1	UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 125.38/Skype.SkypeCallOut][cat: VoIP][133 pkts/24845 bytes <-> 67 pkts/14842 bytes]
+	1	UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes]
diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out
index 2c984ef1c..f1fef0ed8 100644
--- a/tests/result/skype.pcap.out
+++ b/tests/result/skype.pcap.out
@@ -3,299 +3,300 @@ DNS	2	267	1
 MDNS	8	1736	2
 NTP	2	180	1
 SSDP	101	38156	6
+SkypeCall	730	71378	170
 ICMP	8	656	1
 IGMP	5	258	4
 SSL	96	8876	7
 Dropbox	38	17948	5
-Skype	2139	324409	249
+Skype	1409	253031	79
 Apple	3	168	1
 AppleiCloud	88	20520	2
 Spotify	5	430	1
 MS_OneDrive	387	198090	1
 ApplePush	12	1877	1
 
-	1	TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com]
-	2	TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP][231 pkts/60232 bytes <-> 241 pkts/104395 bytes]
-	3	UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][79 pkts/29479 bytes -> 0 pkts/0 bytes]
-	4	TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][cat: Web][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com]
-	5	TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125/Skype][cat: VoIP][62 pkts/6941 bytes <-> 38 pkts/5325 bytes]
-	6	UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][14 pkts/7281 bytes -> 0 pkts/0 bytes]
-	7	TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes]
-	8	TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP][24 pkts/3136 bytes <-> 19 pkts/2618 bytes]
-	9	TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][cat: VoIP][16 pkts/4788 bytes <-> 4 pkts/372 bytes]
-	10	TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP][19 pkts/2797 bytes <-> 13 pkts/2175 bytes]
-	11	TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP][18 pkts/2588 bytes <-> 13 pkts/2100 bytes]
-	12	TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP][15 pkts/2395 bytes <-> 8 pkts/1724 bytes]
-	13	TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][cat: VoIP][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com]
-	14	TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com]
-	15	UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud][6 pkts/3264 bytes -> 0 pkts/0 bytes]
-	16	UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud][6 pkts/3264 bytes -> 0 pkts/0 bytes]
-	17	UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud][5 pkts/2720 bytes -> 0 pkts/0 bytes]
-	18	UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud][5 pkts/2720 bytes -> 0 pkts/0 bytes]
-	19	TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com]
-	20	TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][cat: VoIP][11 pkts/1578 bytes <-> 4 pkts/342 bytes]
-	21	TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][cat: Cloud][6 pkts/1211 bytes <-> 6 pkts/666 bytes]
-	22	TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes]
-	23	TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][cat: VoIP][14 pkts/1090 bytes <-> 6 pkts/534 bytes]
-	24	TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes]
-	25	TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes]
-	26	TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes]
-	27	TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes]
-	28	TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes]
-	29	TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes]
-	30	TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][cat: VoIP][15 pkts/1138 bytes <-> 4 pkts/372 bytes]
-	31	TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][cat: VoIP][14 pkts/1075 bytes <-> 4 pkts/431 bytes]
-	32	TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][cat: VoIP][14 pkts/1100 bytes <-> 5 pkts/395 bytes]
-	33	TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][12 pkts/1207 bytes <-> 3 pkts/277 bytes]
-	34	TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes]
-	35	TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP][14 pkts/1062 bytes <-> 4 pkts/383 bytes]
-	36	TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][cat: VoIP][14 pkts/1083 bytes <-> 4 pkts/359 bytes]
-	37	TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][cat: VoIP][13 pkts/1020 bytes <-> 4 pkts/421 bytes]
-	38	TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP][13 pkts/1010 bytes <-> 5 pkts/402 bytes]
-	39	TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes]
-	40	TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP][14 pkts/1040 bytes <-> 4 pkts/362 bytes]
-	41	TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][cat: VoIP][13 pkts/1004 bytes <-> 4 pkts/397 bytes]
-	42	TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes]
-	43	TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][cat: VoIP][13 pkts/1010 bytes <-> 4 pkts/390 bytes]
-	44	TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP][14 pkts/1085 bytes <-> 4 pkts/315 bytes]
-	45	TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes]
-	46	TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][cat: VoIP][13 pkts/975 bytes <-> 4 pkts/412 bytes]
-	47	TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][cat: VoIP][13 pkts/995 bytes <-> 4 pkts/391 bytes]
-	48	TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][cat: VoIP][13 pkts/995 bytes <-> 4 pkts/386 bytes]
-	49	TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP][13 pkts/1000 bytes <-> 4 pkts/380 bytes]
-	50	TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes]
-	51	TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][cat: VoIP][13 pkts/1000 bytes <-> 4 pkts/371 bytes]
-	52	TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][cat: VoIP][13 pkts/971 bytes <-> 4 pkts/399 bytes]
-	53	TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][cat: VoIP][13 pkts/977 bytes <-> 4 pkts/384 bytes]
-	54	TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][cat: VoIP][12 pkts/940 bytes <-> 5 pkts/415 bytes]
-	55	TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][cat: VoIP][12 pkts/948 bytes <-> 4 pkts/407 bytes]
-	56	TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][cat: VoIP][13 pkts/993 bytes <-> 4 pkts/360 bytes]
-	57	TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes]
-	58	TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes]
-	59	TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes]
-	60	TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP][13 pkts/1004 bytes <-> 4 pkts/334 bytes]
-	61	TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes]
-	62	TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][cat: VoIP][13 pkts/1010 bytes <-> 4 pkts/317 bytes]
-	63	TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes]
-	64	TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][cat: VoIP][13 pkts/989 bytes <-> 4 pkts/323 bytes]
-	65	TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes]
-	66	TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][cat: VoIP][12 pkts/969 bytes <-> 4 pkts/337 bytes]
-	67	TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes]
-	68	TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][cat: VoIP][12 pkts/899 bytes <-> 5 pkts/406 bytes]
-	69	TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][cat: VoIP][13 pkts/982 bytes <-> 4 pkts/322 bytes]
-	70	TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes]
-	71	TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][cat: VoIP][11 pkts/836 bytes <-> 5 pkts/442 bytes]
-	72	TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][cat: VoIP][11 pkts/841 bytes <-> 5 pkts/429 bytes]
-	73	TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes]
-	74	TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes]
-	75	TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][cat: VoIP][11 pkts/866 bytes <-> 5 pkts/396 bytes]
-	76	TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP][11 pkts/843 bytes <-> 4 pkts/411 bytes]
-	77	TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][cat: VoIP][13 pkts/994 bytes <-> 2 pkts/243 bytes]
-	78	TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][cat: VoIP][11 pkts/820 bytes <-> 5 pkts/416 bytes]
-	79	TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][cat: VoIP][11 pkts/843 bytes <-> 4 pkts/386 bytes]
-	80	TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP][11 pkts/822 bytes <-> 4 pkts/390 bytes]
-	81	TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes]
-	82	TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP][11 pkts/827 bytes <-> 3 pkts/325 bytes]
-	83	TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes]
-	84	TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][cat: VoIP][12 pkts/935 bytes <-> 2 pkts/197 bytes]
-	85	TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes]
-	86	TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP][11 pkts/838 bytes <-> 3 pkts/270 bytes]
-	87	TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes]
-	88	TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP][11 pkts/814 bytes <-> 3 pkts/287 bytes]
-	89	UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network][4 pkts/908 bytes -> 0 pkts/0 bytes]
-	90	UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][4 pkts/828 bytes -> 0 pkts/0 bytes]
-	91	TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes]
-	92	ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network][8 pkts/656 bytes -> 0 pkts/0 bytes]
-	93	UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net]
-	94	UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net]
-	95	UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com]
-	96	UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net]
-	97	UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net]
-	98	UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	99	UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net]
-	100	UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	101	UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net]
-	102	UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	103	UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	104	UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	105	UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	106	UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net]
-	107	UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net]
-	108	UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net]
-	109	UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net]
-	110	TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes]
-	111	TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes]
-	112	UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
-	113	UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
-	114	UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
-	115	UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
-	116	UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net]
-	117	UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net]
-	118	UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com]
-	119	UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com]
-	120	TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes]
-	121	UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Streaming][5 pkts/430 bytes -> 0 pkts/0 bytes]
-	122	TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes]
-	123	UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com]
-	124	UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/349 bytes -> 0 pkts/0 bytes]
-	125	UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/349 bytes -> 0 pkts/0 bytes]
-	126	UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/349 bytes -> 0 pkts/0 bytes]
-	127	UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/349 bytes -> 0 pkts/0 bytes]
-	128	UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][cat: VoIP][5 pkts/300 bytes -> 0 pkts/0 bytes]
-	129	UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][cat: VoIP][5 pkts/300 bytes -> 0 pkts/0 bytes]
-	130	UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com]
-	131	UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net]
-	132	UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System][1 pkts/90 bytes <-> 1 pkts/90 bytes]
-	133	UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net]
-	134	UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net]
-	135	UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net]
-	136	TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes]
-	137	IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network][2 pkts/92 bytes -> 0 pkts/0 bytes]
-	138	UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	139	UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	140	UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	141	UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	142	UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	143	UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	144	UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	145	UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	146	UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	147	UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	148	UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	149	UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	150	UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	151	UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	152	UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	153	UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	154	UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	155	UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	156	UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	157	UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	158	UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	159	UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	160	UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	161	UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	162	UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	163	UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	164	UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	165	UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	166	UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	167	UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	168	UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	169	UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	170	UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	171	UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	172	UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	173	UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	174	UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	175	UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	176	UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	177	UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	178	UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	179	UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	180	UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	181	UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	182	UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	183	UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	184	UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	185	UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	186	UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	187	UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	188	UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	189	UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	190	UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	191	UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	192	UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	193	UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	194	UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	195	UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	196	UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	197	UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	198	UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	199	UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	200	UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	201	UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	202	UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	203	UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	204	UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	205	UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	206	UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	207	UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	208	UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	209	UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	210	UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	211	UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	212	UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	213	UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	214	UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	215	UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	216	UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	217	UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	218	UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	219	UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	220	UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	221	UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	222	UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	223	UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	224	UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	225	UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	226	UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	227	UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	228	UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	229	UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	230	UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	231	UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	232	UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	233	UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	234	UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	235	UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	236	UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	237	UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	238	UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	239	UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	240	UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	241	UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	242	UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	243	UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	244	UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	245	UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	246	UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	247	UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	248	UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	249	UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	250	UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	251	UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	252	UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	253	UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	254	UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	255	UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	256	UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	257	UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	258	UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	259	UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	260	UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	261	UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	262	UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	263	UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	264	UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	265	UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	266	UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	267	UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	268	UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	269	UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	270	UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	271	UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	272	UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	273	UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	274	UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	275	IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	276	IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	277	UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	278	UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	279	UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	280	UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	281	UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	282	IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network][1 pkts/46 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud/13][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com]
+	2	TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][231 pkts/60232 bytes <-> 241 pkts/104395 bytes]
+	3	UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][79 pkts/29479 bytes -> 0 pkts/0 bytes]
+	4	TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][cat: Web/5][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com]
+	5	TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][62 pkts/6941 bytes <-> 38 pkts/5325 bytes]
+	6	UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/7281 bytes -> 0 pkts/0 bytes]
+	7	TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][8 pkts/1636 bytes <-> 8 pkts/4344 bytes]
+	8	TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][24 pkts/3136 bytes <-> 19 pkts/2618 bytes]
+	9	TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][cat: VoIP/10][16 pkts/4788 bytes <-> 4 pkts/372 bytes]
+	10	TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][19 pkts/2797 bytes <-> 13 pkts/2175 bytes]
+	11	TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][18 pkts/2588 bytes <-> 13 pkts/2100 bytes]
+	12	TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][15 pkts/2395 bytes <-> 8 pkts/1724 bytes]
+	13	TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com]
+	14	TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com]
+	15	UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes]
+	16	UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][6 pkts/3264 bytes -> 0 pkts/0 bytes]
+	17	UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes]
+	18	UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][5 pkts/2720 bytes -> 0 pkts/0 bytes]
+	19	TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com]
+	20	TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/1578 bytes <-> 4 pkts/342 bytes]
+	21	TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/1211 bytes <-> 6 pkts/666 bytes]
+	22	TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1554 bytes <-> 3 pkts/200 bytes]
+	23	TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1090 bytes <-> 6 pkts/534 bytes]
+	24	TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][13 pkts/1392 bytes <-> 3 pkts/200 bytes]
+	25	TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1305 bytes <-> 3 pkts/285 bytes]
+	26	TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1218 bytes <-> 4 pkts/351 bytes]
+	27	TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/285 bytes]
+	28	TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/955 bytes <-> 9 pkts/561 bytes]
+	29	TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1270 bytes <-> 3 pkts/243 bytes]
+	30	TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][15 pkts/1138 bytes <-> 4 pkts/372 bytes]
+	31	TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1075 bytes <-> 4 pkts/431 bytes]
+	32	TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1100 bytes <-> 5 pkts/395 bytes]
+	33	TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1207 bytes <-> 3 pkts/277 bytes]
+	34	TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][cat: Web/5][12 pkts/1221 bytes <-> 3 pkts/231 bytes]
+	35	TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1062 bytes <-> 4 pkts/383 bytes]
+	36	TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][cat: VoIP/10][14 pkts/1083 bytes <-> 4 pkts/359 bytes]
+	37	TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1020 bytes <-> 4 pkts/421 bytes]
+	38	TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/1010 bytes <-> 5 pkts/402 bytes]
+	39	TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1151 bytes <-> 3 pkts/260 bytes]
+	40	TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1040 bytes <-> 4 pkts/362 bytes]
+	41	TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/397 bytes]
+	42	TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1050 bytes <-> 4 pkts/351 bytes]
+	43	TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/390 bytes]
+	44	TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP/10][14 pkts/1085 bytes <-> 4 pkts/315 bytes]
+	45	TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][cat: Web/5][11 pkts/1140 bytes <-> 3 pkts/250 bytes]
+	46	TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][cat: VoIP/10][13 pkts/975 bytes <-> 4 pkts/412 bytes]
+	47	TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/391 bytes]
+	48	TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/995 bytes <-> 4 pkts/386 bytes]
+	49	TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/380 bytes]
+	50	TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][cat: Web/5][13 pkts/1176 bytes <-> 3 pkts/200 bytes]
+	51	TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1000 bytes <-> 4 pkts/371 bytes]
+	52	TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/971 bytes <-> 4 pkts/399 bytes]
+	53	TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][cat: VoIP/10][13 pkts/977 bytes <-> 4 pkts/384 bytes]
+	54	TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][cat: VoIP/10][12 pkts/940 bytes <-> 5 pkts/415 bytes]
+	55	TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/407 bytes]
+	56	TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][cat: VoIP/10][13 pkts/993 bytes <-> 4 pkts/360 bytes]
+	57	TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1074 bytes <-> 3 pkts/277 bytes]
+	58	TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1102 bytes <-> 3 pkts/247 bytes]
+	59	TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1109 bytes <-> 3 pkts/236 bytes]
+	60	TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/334 bytes]
+	61	TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/1074 bytes <-> 3 pkts/254 bytes]
+	62	TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][cat: VoIP/10][13 pkts/1010 bytes <-> 4 pkts/317 bytes]
+	63	TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1088 bytes <-> 3 pkts/236 bytes]
+	64	TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][cat: VoIP/10][13 pkts/989 bytes <-> 4 pkts/323 bytes]
+	65	TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][cat: Web/5][11 pkts/960 bytes <-> 4 pkts/351 bytes]
+	66	TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][cat: VoIP/10][12 pkts/969 bytes <-> 4 pkts/337 bytes]
+	67	TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1039 bytes <-> 3 pkts/267 bytes]
+	68	TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][cat: VoIP/10][12 pkts/899 bytes <-> 5 pkts/406 bytes]
+	69	TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/982 bytes <-> 4 pkts/322 bytes]
+	70	TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1002 bytes <-> 3 pkts/285 bytes]
+	71	TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][cat: VoIP/10][11 pkts/836 bytes <-> 5 pkts/442 bytes]
+	72	TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][cat: VoIP/10][11 pkts/841 bytes <-> 5 pkts/429 bytes]
+	73	TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/999 bytes <-> 4 pkts/266 bytes]
+	74	TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1032 bytes <-> 3 pkts/230 bytes]
+	75	TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/866 bytes <-> 5 pkts/396 bytes]
+	76	TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/411 bytes]
+	77	TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/994 bytes <-> 2 pkts/243 bytes]
+	78	TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][cat: VoIP/10][11 pkts/820 bytes <-> 5 pkts/416 bytes]
+	79	TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][cat: VoIP/10][11 pkts/843 bytes <-> 4 pkts/386 bytes]
+	80	TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP/10][11 pkts/822 bytes <-> 4 pkts/390 bytes]
+	81	TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/857 bytes <-> 4 pkts/351 bytes]
+	82	TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/827 bytes <-> 3 pkts/325 bytes]
+	83	TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][9 pkts/862 bytes <-> 3 pkts/285 bytes]
+	84	TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/935 bytes <-> 2 pkts/197 bytes]
+	85	TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/237 bytes]
+	86	TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/838 bytes <-> 3 pkts/270 bytes]
+	87	TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][9 pkts/822 bytes <-> 3 pkts/285 bytes]
+	88	TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/814 bytes <-> 3 pkts/287 bytes]
+	89	UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/908 bytes -> 0 pkts/0 bytes]
+	90	UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/828 bytes -> 0 pkts/0 bytes]
+	91	TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/417 bytes <-> 4 pkts/352 bytes]
+	92	ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][8 pkts/656 bytes -> 0 pkts/0 bytes]
+	93	UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net]
+	94	UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net]
+	95	UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com]
+	96	UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net]
+	97	UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net]
+	98	UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	99	UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net]
+	100	UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	101	UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net]
+	102	UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	103	UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	104	UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	105	UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	106	UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net]
+	107	UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net]
+	108	UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net]
+	109	UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net]
+	110	TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][cat: Web/5][8 pkts/608 bytes -> 0 pkts/0 bytes]
+	111	TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes]
+	112	UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
+	113	UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
+	114	UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
+	115	UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
+	116	UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net]
+	117	UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net]
+	118	UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com]
+	119	UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com]
+	120	TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/297 bytes <-> 3 pkts/186 bytes]
+	121	UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][cat: Streaming/17][5 pkts/430 bytes -> 0 pkts/0 bytes]
+	122	TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes]
+	123	UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com]
+	124	UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes]
+	125	UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes]
+	126	UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes]
+	127	UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes]
+	128	UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes]
+	129	UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes]
+	130	UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com]
+	131	UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net]
+	132	UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes]
+	133	UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net]
+	134	UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net]
+	135	UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net]
+	136	TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes]
+	137	IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes]
+	138	UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	139	UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	140	UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	141	UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	142	UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	143	UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	144	UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	145	UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	146	UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	147	UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	148	UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	149	UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	150	UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	151	UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	152	UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	153	UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	154	UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	155	UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	156	UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	157	UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	158	UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	159	UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	160	UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	161	UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	162	UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	163	UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	164	UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	165	UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	166	UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	167	UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	168	UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	169	UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	170	UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	171	UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	172	UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	173	UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	174	UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	175	UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	176	UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	177	UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	178	UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	179	UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	180	UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	181	UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	182	UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	183	UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	184	UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	185	UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	186	UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	187	UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	188	UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	189	UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	190	UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	191	UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	192	UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	193	UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	194	UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	195	UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	196	UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	197	UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	198	UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	199	UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	200	UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	201	UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	202	UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	203	UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	204	UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	205	UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	206	UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	207	UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	208	UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	209	UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	210	UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	211	UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	212	UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	213	UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	214	UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	215	UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	216	UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	217	UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	218	UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	219	UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	220	UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	221	UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	222	UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	223	UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	224	UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	225	UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	226	UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	227	UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	228	UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	229	UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	230	UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	231	UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	232	UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	233	UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	234	UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	235	UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	236	UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	237	UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	238	UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	239	UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	240	UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	241	UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	242	UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	243	UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	244	UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	245	UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	246	UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	247	UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	248	UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	249	UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	250	UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	251	UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	252	UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	253	UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	254	UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	255	UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	256	UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	257	UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	258	UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	259	UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	260	UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	261	UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	262	UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	263	UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	264	UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	265	UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	266	UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	267	UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	268	UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	269	UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	270	UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	271	UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	272	UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	273	UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	274	UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	275	IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	276	IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	277	UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	278	UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	279	UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	280	UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	281	UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	282	IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes]
 
 
 Undetected flows:
diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out
index 4927132a8..f83f6b559 100644
--- a/tests/result/skype_no_unknown.pcap.out
+++ b/tests/result/skype_no_unknown.pcap.out
@@ -1,272 +1,274 @@
-Unknown	186	61791	12
+Unknown	183	61585	11
 DNS	2	267	1
 MDNS	3	400	2
 NetBIOS	22	3106	7
 SSDP	40	14100	3
+SkypeCall	454	39996	164
 ICMP	4	328	1
 IGMP	4	226	4
 SSL	79	7742	6
 Dropbox	16	7342	5
-Skype	1291	190136	223
+Skype	840	150346	60
 Apple	76	19581	1
 MS_OneDrive	348	181687	1
 ApplePush	8	1118	1
 
-	1	TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com]
-	2	TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][101 pkts/30681 bytes <-> 98 pkts/59934 bytes]
-	3	TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes]
-	4	UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][36 pkts/13402 bytes -> 0 pkts/0 bytes]
-	5	TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP][17 pkts/2686 bytes <-> 13 pkts/2218 bytes]
-	6	TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP][12 pkts/2194 bytes <-> 8 pkts/1711 bytes]
-	7	TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com]
-	8	TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][cat: VoIP][12 pkts/3242 bytes <-> 3 pkts/290 bytes]
-	9	TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][4 pkts/818 bytes <-> 4 pkts/2172 bytes]
-	10	TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com]
-	11	TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][13 pkts/1446 bytes <-> 4 pkts/266 bytes]
-	12	TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][13 pkts/1437 bytes <-> 3 pkts/200 bytes]
-	13	TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes]
-	14	TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes]
-	15	TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][12 pkts/1291 bytes <-> 3 pkts/242 bytes]
-	16	TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][12 pkts/1235 bytes <-> 3 pkts/285 bytes]
-	17	TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/265 bytes]
-	18	TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][cat: VoIP][14 pkts/1104 bytes <-> 5 pkts/392 bytes]
-	19	TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][cat: VoIP][14 pkts/1106 bytes <-> 5 pkts/385 bytes]
-	20	TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125/Skype][cat: VoIP][14 pkts/1070 bytes <-> 4 pkts/420 bytes]
-	21	TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][cat: VoIP][14 pkts/1117 bytes <-> 4 pkts/337 bytes]
-	22	TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes]
-	23	TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][10 pkts/1077 bytes <-> 4 pkts/351 bytes]
-	24	TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][cat: VoIP][14 pkts/1059 bytes <-> 4 pkts/367 bytes]
-	25	TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][cat: VoIP][13 pkts/1011 bytes <-> 4 pkts/415 bytes]
-	26	TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP][14 pkts/1093 bytes <-> 4 pkts/333 bytes]
-	27	TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes]
-	28	TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][12 pkts/1130 bytes <-> 3 pkts/285 bytes]
-	29	TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes]
-	30	TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes]
-	31	TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125/Skype][cat: VoIP][13 pkts/991 bytes <-> 4 pkts/378 bytes]
-	32	TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][cat: VoIP][13 pkts/1006 bytes <-> 4 pkts/361 bytes]
-	33	TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes]
-	34	TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][cat: VoIP][13 pkts/976 bytes <-> 4 pkts/365 bytes]
-	35	TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP][13 pkts/986 bytes <-> 4 pkts/344 bytes]
-	36	TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][cat: VoIP][13 pkts/981 bytes <-> 4 pkts/348 bytes]
-	37	TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][cat: VoIP][13 pkts/1004 bytes <-> 4 pkts/318 bytes]
-	38	TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][cat: VoIP][12 pkts/948 bytes <-> 4 pkts/349 bytes]
-	39	TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP][12 pkts/951 bytes <-> 4 pkts/341 bytes]
-	40	TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][cat: VoIP][11 pkts/858 bytes <-> 5 pkts/426 bytes]
-	41	TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][cat: VoIP][11 pkts/856 bytes <-> 5 pkts/409 bytes]
-	42	TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP][11 pkts/861 bytes <-> 4 pkts/397 bytes]
-	43	TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][cat: VoIP][11 pkts/844 bytes <-> 5 pkts/413 bytes]
-	44	TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][10 pkts/972 bytes <-> 3 pkts/285 bytes]
-	45	TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes]
-	46	TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][cat: VoIP][11 pkts/815 bytes <-> 5 pkts/423 bytes]
-	47	TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][cat: VoIP][12 pkts/942 bytes <-> 3 pkts/284 bytes]
-	48	TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][cat: VoIP][11 pkts/832 bytes <-> 4 pkts/387 bytes]
-	49	TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes]
-	50	TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP][12 pkts/916 bytes <-> 3 pkts/281 bytes]
-	51	TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][cat: VoIP][11 pkts/862 bytes <-> 3 pkts/314 bytes]
-	52	TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][cat: VoIP][10 pkts/785 bytes <-> 4 pkts/378 bytes]
-	53	TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes]
-	54	TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][cat: VoIP][12 pkts/931 bytes <-> 2 pkts/219 bytes]
-	55	TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP][11 pkts/855 bytes <-> 3 pkts/287 bytes]
-	56	UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][cat: System][6 pkts/958 bytes <-> 2 pkts/184 bytes]
-	57	TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125/Skype][cat: VoIP][11 pkts/848 bytes <-> 3 pkts/286 bytes]
-	58	TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238/ApplePush][cat: Cloud][4 pkts/674 bytes <-> 4 pkts/444 bytes]
-	59	UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud][2 pkts/1088 bytes -> 0 pkts/0 bytes]
-	60	UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud][2 pkts/1088 bytes -> 0 pkts/0 bytes]
-	61	UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud][2 pkts/1088 bytes -> 0 pkts/0 bytes]
-	62	UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud][2 pkts/1088 bytes -> 0 pkts/0 bytes]
-	63	TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][cat: VoIP][7 pkts/571 bytes <-> 3 pkts/286 bytes]
-	64	UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System][7 pkts/680 bytes -> 0 pkts/0 bytes]
-	65	TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes]
-	66	UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net]
-	67	UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net]
-	68	UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	69	UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	70	UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net]
-	71	UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	72	UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net]
-	73	UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
-	74	UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net]
-	75	UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net]
-	76	TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes]
-	77	UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com]
-	78	UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com]
-	79	UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
-	80	UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
-	81	UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com]
-	82	UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net]
-	83	UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net]
-	84	UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com]
-	85	UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com]
-	86	TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/293 bytes <-> 3 pkts/186 bytes]
-	87	TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes]
-	88	UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes]
-	89	UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System][2 pkts/432 bytes -> 0 pkts/0 bytes]
-	90	TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/237 bytes <-> 3 pkts/186 bytes]
-	91	TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes]
-	92	TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes]
-	93	UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/349 bytes -> 0 pkts/0 bytes]
-	94	UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][2 pkts/349 bytes -> 0 pkts/0 bytes]
-	95	ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network][4 pkts/328 bytes -> 0 pkts/0 bytes]
-	96	UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125/Skype][cat: VoIP][5 pkts/300 bytes -> 0 pkts/0 bytes]
-	97	UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][cat: VoIP][5 pkts/300 bytes -> 0 pkts/0 bytes]
-	98	UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com]
-	99	UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network][2 pkts/258 bytes -> 0 pkts/0 bytes]
-	100	UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System][1 pkts/216 bytes -> 0 pkts/0 bytes]
-	101	TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes]
-	102	UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net]
-	103	UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net]
-	104	UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local]
-	105	UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System][1 pkts/92 bytes -> 0 pkts/0 bytes]
-	106	UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System][1 pkts/92 bytes -> 0 pkts/0 bytes]
-	107	UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com]
-	108	UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	109	UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	110	UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	111	UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	112	UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	113	UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	114	UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	115	UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	116	UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	117	UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	118	UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	119	UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][cat: VoIP][1 pkts/79 bytes -> 0 pkts/0 bytes]
-	120	UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	121	UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	122	UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	123	UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	124	UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	125	UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	126	UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	127	UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125/Skype][cat: VoIP][1 pkts/78 bytes -> 0 pkts/0 bytes]
-	128	UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	129	UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	130	UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	131	UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	132	UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	133	UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	134	UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	135	UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	136	UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	137	UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	138	UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125/Skype][cat: VoIP][1 pkts/77 bytes -> 0 pkts/0 bytes]
-	139	UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	140	UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	141	UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	142	UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	143	UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	144	UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	145	UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	146	UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	147	UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	148	UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	149	UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	150	UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	151	UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][cat: VoIP][1 pkts/76 bytes -> 0 pkts/0 bytes]
-	152	UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	153	UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	154	UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	155	UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	156	UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	157	UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	158	UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/75 bytes -> 0 pkts/0 bytes]
-	159	UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	160	UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	161	UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	162	UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	163	UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	164	UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][cat: VoIP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	165	UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	166	UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	167	UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	168	UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	169	UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	170	UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	171	UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125/Skype][cat: VoIP][1 pkts/73 bytes -> 0 pkts/0 bytes]
-	172	UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	173	UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	174	UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	175	UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	176	UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	177	UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	178	UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	179	UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	180	UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	181	UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	182	UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	183	UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][cat: VoIP][1 pkts/72 bytes -> 0 pkts/0 bytes]
-	184	UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	185	UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	186	UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	187	UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	188	UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	189	UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	190	UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	191	UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	192	UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][cat: VoIP][1 pkts/71 bytes -> 0 pkts/0 bytes]
-	193	UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	194	UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	195	UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	196	UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	197	UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	198	UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	199	UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	200	UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	201	UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	202	UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][cat: VoIP][1 pkts/70 bytes -> 0 pkts/0 bytes]
-	203	UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	204	UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	205	UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	206	UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	207	UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][cat: VoIP][1 pkts/69 bytes -> 0 pkts/0 bytes]
-	208	UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	209	UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	210	UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	211	UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	212	UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	213	UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][cat: VoIP][1 pkts/68 bytes -> 0 pkts/0 bytes]
-	214	UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	215	UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	216	UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	217	UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	218	UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	219	UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	220	UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	221	UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	222	UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	223	UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	224	UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	225	UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	226	UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	227	UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	228	UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][cat: VoIP][1 pkts/67 bytes -> 0 pkts/0 bytes]
-	229	UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	230	UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	231	UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	232	UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	233	UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	234	UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	235	UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	236	UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	237	UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][cat: VoIP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	238	UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	239	UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	240	UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	241	UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	242	UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	243	UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	244	UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	245	UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	246	UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125/Skype][cat: VoIP][1 pkts/64 bytes -> 0 pkts/0 bytes]
-	247	IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	248	IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	249	IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	250	UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	251	UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	252	UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	253	UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	254	UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][cat: VoIP][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	255	IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network][1 pkts/46 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][cat: Cloud/13][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com]
+	2	TCP 192.168.1.34:51279 <-> 111.221.74.48:40008 [proto: 125/Skype][cat: VoIP/10][101 pkts/30681 bytes <-> 98 pkts/59934 bytes]
+	3	TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][38 pkts/9082 bytes <-> 38 pkts/10499 bytes]
+	4	UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][36 pkts/13402 bytes -> 0 pkts/0 bytes]
+	5	TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][17 pkts/2686 bytes <-> 13 pkts/2218 bytes]
+	6	TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/2194 bytes <-> 8 pkts/1711 bytes]
+	7	TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com]
+	8	TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][cat: VoIP/10][12 pkts/3242 bytes <-> 3 pkts/290 bytes]
+	9	TCP 108.160.163.108:443 <-> 192.168.1.34:51222 [proto: 91.121/SSL.Dropbox][cat: Cloud/13][4 pkts/818 bytes <-> 4 pkts/2172 bytes]
+	10	TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com]
+	11	TCP 192.168.1.34:51238 <-> 157.55.235.147:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][13 pkts/1446 bytes <-> 4 pkts/266 bytes]
+	12	TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 91/SSL][cat: Web/5][13 pkts/1437 bytes <-> 3 pkts/200 bytes]
+	13	TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1333 bytes <-> 3 pkts/251 bytes]
+	14	TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1284 bytes <-> 3 pkts/285 bytes]
+	15	TCP 192.168.1.34:51239 <-> 65.55.223.45:443 [proto: 91/SSL][cat: Web/5][12 pkts/1291 bytes <-> 3 pkts/242 bytes]
+	16	TCP 192.168.1.34:51274 <-> 157.55.235.152:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1235 bytes <-> 3 pkts/285 bytes]
+	17	TCP 192.168.1.34:51260 <-> 157.55.130.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1249 bytes <-> 3 pkts/265 bytes]
+	18	TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1104 bytes <-> 5 pkts/392 bytes]
+	19	TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1106 bytes <-> 5 pkts/385 bytes]
+	20	TCP 192.168.1.34:51290 <-> 5.248.186.221:31010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1070 bytes <-> 4 pkts/420 bytes]
+	21	TCP 192.168.1.34:51234 <-> 157.55.235.147:40001 [proto: 125/Skype][cat: VoIP/10][14 pkts/1117 bytes <-> 4 pkts/337 bytes]
+	22	TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][cat: Web/5][11 pkts/1164 bytes <-> 3 pkts/268 bytes]
+	23	TCP 192.168.1.34:51247 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1077 bytes <-> 4 pkts/351 bytes]
+	24	TCP 192.168.1.34:51257 <-> 157.55.235.170:40032 [proto: 125/Skype][cat: VoIP/10][14 pkts/1059 bytes <-> 4 pkts/367 bytes]
+	25	TCP 192.168.1.34:51277 <-> 157.55.235.156:40026 [proto: 125/Skype][cat: VoIP/10][13 pkts/1011 bytes <-> 4 pkts/415 bytes]
+	26	TCP 192.168.1.34:51305 <-> 149.13.32.15:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][14 pkts/1093 bytes <-> 4 pkts/333 bytes]
+	27	TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][cat: Web/5][12 pkts/1130 bytes <-> 3 pkts/285 bytes]
+	28	TCP 192.168.1.34:51280 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1130 bytes <-> 3 pkts/285 bytes]
+	29	TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][12 pkts/1095 bytes <-> 3 pkts/285 bytes]
+	30	TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1022 bytes <-> 4 pkts/351 bytes]
+	31	TCP 192.168.1.34:51289 <-> 71.238.7.203:18767 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/991 bytes <-> 4 pkts/378 bytes]
+	32	TCP 192.168.1.34:51272 <-> 157.55.235.152:40029 [proto: 125/Skype][cat: VoIP/10][13 pkts/1006 bytes <-> 4 pkts/361 bytes]
+	33	TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/1012 bytes <-> 4 pkts/351 bytes]
+	34	TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][13 pkts/976 bytes <-> 4 pkts/365 bytes]
+	35	TCP 192.168.1.34:51237 <-> 157.55.130.176:40022 [proto: 125/Skype][cat: VoIP/10][13 pkts/986 bytes <-> 4 pkts/344 bytes]
+	36	TCP 192.168.1.34:51276 <-> 157.55.235.146:40021 [proto: 125/Skype][cat: VoIP/10][13 pkts/981 bytes <-> 4 pkts/348 bytes]
+	37	TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][cat: VoIP/10][13 pkts/1004 bytes <-> 4 pkts/318 bytes]
+	38	TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/948 bytes <-> 4 pkts/349 bytes]
+	39	TCP 192.168.1.34:51229 <-> 157.56.52.28:40009 [proto: 125/Skype][cat: VoIP/10][12 pkts/951 bytes <-> 4 pkts/341 bytes]
+	40	TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][cat: VoIP/10][11 pkts/858 bytes <-> 5 pkts/426 bytes]
+	41	TCP 192.168.1.34:51246 <-> 157.56.52.44:40020 [proto: 125/Skype][cat: VoIP/10][11 pkts/856 bytes <-> 5 pkts/409 bytes]
+	42	TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/861 bytes <-> 4 pkts/397 bytes]
+	43	TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][cat: VoIP/10][11 pkts/844 bytes <-> 5 pkts/413 bytes]
+	44	TCP 192.168.1.34:51282 <-> 64.4.23.159:443 [proto: 91/SSL][cat: Web/5][10 pkts/972 bytes <-> 3 pkts/285 bytes]
+	45	TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/902 bytes <-> 4 pkts/351 bytes]
+	46	TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][cat: VoIP/10][11 pkts/815 bytes <-> 5 pkts/423 bytes]
+	47	TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/942 bytes <-> 3 pkts/284 bytes]
+	48	TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/832 bytes <-> 4 pkts/387 bytes]
+	49	TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/852 bytes <-> 4 pkts/351 bytes]
+	50	TCP 192.168.1.34:51309 <-> 149.13.32.15:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/916 bytes <-> 3 pkts/281 bytes]
+	51	TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/862 bytes <-> 3 pkts/314 bytes]
+	52	TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][cat: VoIP/10][10 pkts/785 bytes <-> 4 pkts/378 bytes]
+	53	TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][10 pkts/872 bytes <-> 3 pkts/285 bytes]
+	54	TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][12 pkts/931 bytes <-> 2 pkts/219 bytes]
+	55	TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/855 bytes <-> 3 pkts/287 bytes]
+	56	UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][cat: System/18][6 pkts/958 bytes <-> 2 pkts/184 bytes]
+	57	TCP 192.168.1.34:51311 <-> 93.79.224.176:14506 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][11 pkts/848 bytes <-> 3 pkts/286 bytes]
+	58	TCP 17.143.160.149:5223 <-> 192.168.1.34:50407 [proto: 238/ApplePush][cat: Cloud/13][4 pkts/674 bytes <-> 4 pkts/444 bytes]
+	59	UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes]
+	60	UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes]
+	61	UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes]
+	62	UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes]
+	63	TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][7 pkts/571 bytes <-> 3 pkts/286 bytes]
+	64	UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][7 pkts/680 bytes -> 0 pkts/0 bytes]
+	65	TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][6 pkts/353 bytes <-> 5 pkts/306 bytes]
+	66	UDP 192.168.1.34:58631 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net]
+	67	UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net]
+	68	UDP 192.168.1.34:50055 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	69	UDP 192.168.1.34:51753 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	70	UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net]
+	71	UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	72	UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net]
+	73	UDP 192.168.1.34:61095 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net]
+	74	UDP 192.168.1.34:60413 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net]
+	75	UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net]
+	76	TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][6 pkts/353 bytes <-> 4 pkts/246 bytes]
+	77	UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com]
+	78	UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com]
+	79	UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
+	80	UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com]
+	81	UDP 192.168.1.34:64971 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com]
+	82	UDP 192.168.1.34:59113 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net]
+	83	UDP 192.168.1.34:62875 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/539 bytes -> 0 pkts/0 bytes][Host: dsn13.d.skype.net]
+	84	UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com]
+	85	UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com]
+	86	TCP 192.168.1.34:51296 <-> 91.190.216.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/293 bytes <-> 3 pkts/186 bytes]
+	87	TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][cat: Web/5][6 pkts/468 bytes -> 0 pkts/0 bytes]
+	88	UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/452 bytes -> 0 pkts/0 bytes]
+	89	UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][2 pkts/432 bytes -> 0 pkts/0 bytes]
+	90	TCP 192.168.1.34:51284 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/237 bytes <-> 3 pkts/186 bytes]
+	91	TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes]
+	92	TCP 192.168.1.34:51286 <-> 91.190.218.125:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][3 pkts/191 bytes <-> 3 pkts/186 bytes]
+	93	UDP 192.168.1.34:58061 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes]
+	94	UDP 192.168.1.34:59237 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/349 bytes -> 0 pkts/0 bytes]
+	95	ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][cat: Network/14][4 pkts/328 bytes -> 0 pkts/0 bytes]
+	96	UDP 192.168.1.34:13021 -> 83.31.12.173:23939 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes]
+	97	UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes]
+	98	UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com]
+	99	UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes]
+	100	UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes]
+	101	TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes]
+	102	TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes]
+	103	UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net]
+	104	UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net]
+	105	UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local]
+	106	UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes]
+	107	UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes]
+	108	UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com]
+	109	UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	110	UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	111	UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	112	UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	113	UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	114	UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	115	UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	116	UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	117	UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	118	UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	119	UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	120	UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes]
+	121	UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	122	UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	123	UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	124	UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	125	UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	126	UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	127	UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	128	UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	129	UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	130	UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	131	UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	132	UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	133	UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	134	UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	135	UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	136	UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	137	UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	138	UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	139	UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes]
+	140	UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	141	UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	142	UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	143	UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	144	UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	145	UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	146	UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	147	UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	148	UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	149	UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	150	UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	151	UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	152	UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes]
+	153	UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	154	UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	155	UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	156	UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	157	UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	158	UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	159	UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes]
+	160	UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	161	UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	162	UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	163	UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	164	UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	165	UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	166	UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	167	UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	168	UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	169	UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	170	UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	171	UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	172	UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes]
+	173	UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	174	UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	175	UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	176	UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	177	UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	178	UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	179	UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	180	UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	181	UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	182	UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	183	UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	184	UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes]
+	185	UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	186	UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	187	UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	188	UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	189	UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	190	UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	191	UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	192	UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	193	UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes]
+	194	UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	195	UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	196	UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	197	UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	198	UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	199	UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	200	UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	201	UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	202	UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	203	UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes]
+	204	UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	205	UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	206	UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	207	UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	208	UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes]
+	209	UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	210	UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	211	UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	212	UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	213	UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	214	UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes]
+	215	UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	216	UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	217	UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	218	UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	219	UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	220	UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	221	UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	222	UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	223	UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	224	UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	225	UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	226	UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	227	UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	228	UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	229	UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes]
+	230	UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	231	UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	232	UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	233	UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	234	UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	235	UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	236	UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	237	UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	238	UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	239	UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	240	UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	241	UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	242	UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	243	UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	244	UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	245	UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	246	UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	247	UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes]
+	248	IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	249	IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	250	IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	251	UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	252	UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	253	UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	254	UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	255	UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.38/Skype.SkypeCall][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	256	IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes]
 
 
 Undetected flows:
@@ -280,5 +282,4 @@ Undetected flows:
 	8	TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes]
 	9	TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes]
 	10	UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes]
-	11	TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes]
-	12	TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes]
+	11	TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/smpp_in_general.pcap.out b/tests/result/smpp_in_general.pcap.out
index 23a6f8f5d..816f080f7 100644
--- a/tests/result/smpp_in_general.pcap.out
+++ b/tests/result/smpp_in_general.pcap.out
@@ -1,3 +1,3 @@
 SMPP	17	1144	1
 
-	1	TCP 10.226.202.118:1770 <-> 10.226.202.53:9000 [proto: 207/SMPP][cat: Download-FileTransfer-FileSharing][10 pkts/670 bytes <-> 7 pkts/474 bytes]
+	1	TCP 10.226.202.118:1770 <-> 10.226.202.53:9000 [proto: 207/SMPP][cat: Download-FileTransfer-FileSharing/7][10 pkts/670 bytes <-> 7 pkts/474 bytes]
diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out
index dd40de1b0..017d5a639 100644
--- a/tests/result/snapchat.pcap.out
+++ b/tests/result/snapchat.pcap.out
@@ -1,6 +1,6 @@
-SSL_No_Cert	22	2879	1
+Google	22	2879	1
 Snapchat	34	7320	2
 
-	1	TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][cat: Chat][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][client: feelinsonice-hrd.appspot.com]
-	2	TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][cat: Chat][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][client: feelinsonice-hrd.appspot.com]
-	3	TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64/SSL_No_Cert][cat: Web][11 pkts/1910 bytes <-> 11 pkts/969 bytes]
+	1	TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][cat: Chat/9][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][client: feelinsonice-hrd.appspot.com]
+	2	TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][cat: Chat/9][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][client: feelinsonice-hrd.appspot.com]
+	3	TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64.126/SSL_No_Cert.Google][cat: Web/5][11 pkts/1910 bytes <-> 11 pkts/969 bytes]
diff --git a/tests/result/ssdp-m-search.pcap.out b/tests/result/ssdp-m-search.pcap.out
new file mode 100644
index 000000000..e975bfeb4
--- /dev/null
+++ b/tests/result/ssdp-m-search.pcap.out
@@ -0,0 +1,3 @@
+SSDP	19	1197	1
+
+	1	UDP 192.168.242.8:42253 -> 192.168.242.255:32412 [proto: 12/SSDP][cat: System/18][19 pkts/1197 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out
index 67ee3177e..c63b86dc8 100644
--- a/tests/result/starcraft_battle.pcap.out
+++ b/tests/result/starcraft_battle.pcap.out
@@ -5,60 +5,59 @@ HTTP_Download	179	134204	1
 WorldOfWarcraft	9	880	1
 IGMP	2	120	1
 SSL	38	2548	11
-Google	16	1709	4
-QUIC	6	475	1
+Google	22	2184	5
 Github	3	234	1
 Starcraft	236	51494	6
 
-	1	TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Host: llnw.blizzard.com]
-	2	TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][cat: Game][126 pkts/9157 bytes <-> 89 pkts/41021 bytes]
-	3	TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net]
-	4	TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net]
-	5	TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net]
-	6	TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net]
-	7	TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net]
-	8	UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System][11 pkts/4984 bytes -> 0 pkts/0 bytes]
-	9	TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net]
-	10	TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net]
-	11	TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net]
-	12	TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net]
-	13	TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][cat: Web][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com]
-	14	TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net]
-	15	TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net]
-	16	TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net]
-	17	TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net]
-	18	TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net]
-	19	TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net]
-	20	TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][6 pkts/376 bytes <-> 7 pkts/526 bytes]
-	21	TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com]
-	22	UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net]
-	23	UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][cat: Web][3 pkts/243 bytes <-> 3 pkts/232 bytes]
-	24	UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 22.40.194.173.in-addr.arpa]
-	25	UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com]
-	26	UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa]
-	27	UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa]
-	28	TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net]
-	29	TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net]
-	30	UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net]
-	31	TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes]
-	32	TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes]
-	33	TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes]
-	34	TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes]
-	35	TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes]
-	36	TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes]
-	37	TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes]
-	38	TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/167 bytes]
-	39	TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][2 pkts/145 bytes <-> 1 pkts/89 bytes]
-	40	TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/120 bytes]
-	41	UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa]
-	42	TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][2 pkts/108 bytes <-> 1 pkts/60 bytes]
-	43	TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][1 pkts/55 bytes <-> 1 pkts/66 bytes]
-	44	TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][1 pkts/55 bytes <-> 1 pkts/66 bytes]
-	45	IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network][2 pkts/120 bytes -> 0 pkts/0 bytes]
-	46	UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes]
-	47	UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][1 pkts/44 bytes <-> 1 pkts/60 bytes]
-	48	UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes]
-	49	UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][1 pkts/43 bytes <-> 1 pkts/60 bytes]
-	50	TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes -> 0 pkts/0 bytes]
-	51	TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes]
-	52	TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Host: llnw.blizzard.com]
+	2	TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][cat: Game/8][126 pkts/9157 bytes <-> 89 pkts/41021 bytes]
+	3	TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net]
+	4	TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net]
+	5	TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net]
+	6	TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net]
+	7	TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net]
+	8	UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][11 pkts/4984 bytes -> 0 pkts/0 bytes]
+	9	TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net]
+	10	TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net]
+	11	TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net]
+	12	TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net]
+	13	TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com]
+	14	TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net]
+	15	TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net]
+	16	TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net]
+	17	TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net]
+	18	TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net]
+	19	TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net]
+	20	TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes]
+	21	TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com]
+	22	UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net]
+	23	UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes]
+	24	UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 22.40.194.173.in-addr.arpa]
+	25	UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com]
+	26	UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 91.252.30.192.in-addr.arpa]
+	27	UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 254.1.168.192.in-addr.arpa]
+	28	TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net]
+	29	TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net]
+	30	UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net]
+	31	TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
+	32	TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
+	33	TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
+	34	TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
+	35	TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
+	36	TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
+	37	TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
+	38	TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
+	39	TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91.203/SSL.Github][cat: Collaborative/15][2 pkts/145 bytes <-> 1 pkts/89 bytes]
+	40	TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/120 bytes]
+	41	UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/124 bytes][Host: 40.186.239.80.in-addr.arpa]
+	42	TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes]
+	43	TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes]
+	44	TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes]
+	45	IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][2 pkts/120 bytes -> 0 pkts/0 bytes]
+	46	UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes]
+	47	UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes]
+	48	UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes]
+	49	UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes]
+	50	TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes]
+	51	TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	52	TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/teredo.pcap.out b/tests/result/teredo.pcap.out
index 55dc2932c..24be9ebb2 100644
--- a/tests/result/teredo.pcap.out
+++ b/tests/result/teredo.pcap.out
@@ -1,7 +1,7 @@
 Teredo	24	2574	5
 
-	1	UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][10 pkts/930 bytes <-> 4 pkts/374 bytes]
-	2	UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][2 pkts/206 bytes <-> 2 pkts/302 bytes]
-	3	UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes]
-	4	UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes]
-	5	UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][1 pkts/103 bytes <-> 1 pkts/151 bytes]
+	1	UDP 10.112.16.67:51812 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][10 pkts/930 bytes <-> 4 pkts/374 bytes]
+	2	UDP 10.112.16.106:52513 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][2 pkts/206 bytes <-> 2 pkts/302 bytes]
+	3	UDP 10.112.16.64:56154 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/151 bytes]
+	4	UDP 10.112.16.89:60381 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/151 bytes]
+	5	UDP 10.112.16.92:63448 <-> 194.136.28.76:3544 [proto: 214/Teredo][cat: Network/14][1 pkts/103 bytes <-> 1 pkts/151 bytes]
diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out
index 41ccda23a..297bb051e 100644
--- a/tests/result/tinc.pcap.out
+++ b/tests/result/tinc.pcap.out
@@ -1,6 +1,6 @@
 TINC	317	352291	4
 
-	1	UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][cat: VPN][29 pkts/30038 bytes <-> 105 pkts/139726 bytes]
-	2	UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][cat: VPN][101 pkts/136966 bytes <-> 29 pkts/32550 bytes]
-	3	TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][cat: VPN][14 pkts/3812 bytes <-> 13 pkts/3098 bytes]
-	4	TCP 131.114.168.27:59244 <-> 185.83.218.112:55655 [proto: 209/TINC][cat: VPN][15 pkts/3169 bytes <-> 11 pkts/2932 bytes]
+	1	UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][cat: VPN/2][29 pkts/30038 bytes <-> 105 pkts/139726 bytes]
+	2	UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][cat: VPN/2][101 pkts/136966 bytes <-> 29 pkts/32550 bytes]
+	3	TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][cat: VPN/2][14 pkts/3812 bytes <-> 13 pkts/3098 bytes]
+	4	TCP 131.114.168.27:59244 <-> 185.83.218.112:55655 [proto: 209/TINC][cat: VPN/2][15 pkts/3169 bytes <-> 11 pkts/2932 bytes]
diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out
index 0ce97d417..69b7d3e71 100644
--- a/tests/result/tor.pcap.out
+++ b/tests/result/tor.pcap.out
@@ -4,14 +4,14 @@ DHCPV6	6	906	1
 Dropbox	10	1860	1
 Tor	3676	3014362	7
 
-	1	TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes]
-	2	TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes]
-	3	TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN][62 pkts/22715 bytes <-> 79 pkts/45823 bytes]
-	4	TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN][17 pkts/5489 bytes <-> 21 pkts/7031 bytes]
-	5	TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][cat: VPN][16 pkts/4858 bytes <-> 18 pkts/6284 bytes]
-	6	TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][cat: VPN][16 pkts/3691 bytes <-> 16 pkts/6740 bytes]
-	7	TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][cat: VPN][15 pkts/3634 bytes <-> 14 pkts/6027 bytes]
-	8	UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud][10 pkts/1860 bytes -> 0 pkts/0 bytes]
-	9	UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network][6 pkts/906 bytes -> 0 pkts/0 bytes]
-	10	UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System][1 pkts/252 bytes -> 0 pkts/0 bytes]
-	11	TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][1 pkts/60 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.1.252:51176 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][693 pkts/181364 bytes <-> 1133 pkts/1331914 bytes]
+	2	TCP 192.168.1.252:51112 <-> 38.229.70.53:443 [proto: 163/Tor][cat: VPN/2][580 pkts/145960 bytes <-> 996 pkts/1242832 bytes]
+	3	TCP 192.168.1.252:51110 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][62 pkts/22715 bytes <-> 79 pkts/45823 bytes]
+	4	TCP 192.168.1.252:51175 <-> 91.143.93.242:443 [proto: 163/Tor][cat: VPN/2][17 pkts/5489 bytes <-> 21 pkts/7031 bytes]
+	5	TCP 192.168.1.252:51111 <-> 46.59.52.31:443 [proto: 163/Tor][cat: VPN/2][16 pkts/4858 bytes <-> 18 pkts/6284 bytes]
+	6	TCP 192.168.1.252:51174 <-> 212.83.155.250:443 [proto: 163/Tor][cat: VPN/2][16 pkts/3691 bytes <-> 16 pkts/6740 bytes]
+	7	TCP 192.168.1.252:51185 <-> 62.210.137.230:443 [proto: 163/Tor][cat: VPN/2][15 pkts/3634 bytes <-> 14 pkts/6027 bytes]
+	8	UDP 192.168.1.1:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][cat: Cloud/13][10 pkts/1860 bytes -> 0 pkts/0 bytes]
+	9	UDP [fe80::c583:1972:5728:7323]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][cat: Network/14][6 pkts/906 bytes -> 0 pkts/0 bytes]
+	10	UDP 192.168.1.252:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/252 bytes -> 0 pkts/0 bytes]
+	11	TCP 192.168.1.252:51104 -> 157.56.30.46:443 [proto: 91/SSL][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out
index bc1f8ab46..bd20ba3e9 100644
--- a/tests/result/ubntac2.pcap.out
+++ b/tests/result/ubntac2.pcap.out
@@ -1,10 +1,10 @@
 UBNTAC2	8	1736	8
 
-	1	UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
-	2	UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
-	3	UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
-	4	UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
-	5	UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
-	6	UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
-	7	UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
-	8	UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+	1	UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+	2	UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+	3	UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+	4	UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+	5	UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+	6	UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+	7	UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+	8	UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
diff --git a/tests/result/upnp.pcap.out b/tests/result/upnp.pcap.out
new file mode 100644
index 000000000..923a6688a
--- /dev/null
+++ b/tests/result/upnp.pcap.out
@@ -0,0 +1,4 @@
+UPnP	14	9912	2
+
+	1	UDP [fe80::3441:3d24:6d30:a807]:58932 -> [ff02::c]:3702 [proto: 153/UPnP][cat: Network/14][7 pkts/5026 bytes -> 0 pkts/0 bytes]
+	2	UDP 192.168.61.66:58931 -> 239.255.255.250:3702 [proto: 153/UPnP][cat: Network/14][7 pkts/4886 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out
index 99b02a029..e200492ee 100644
--- a/tests/result/viber.pcap.out
+++ b/tests/result/viber.pcap.out
@@ -1,36 +1,36 @@
 DNS	8	1267	4
 MDNS	4	412	1
 ICMP	2	3028	1
-SSL	129	42221	7
+SSL	31	8597	3
 ICMPV6	2	140	1
 Facebook	2	281	1
-Google	2	164	1
+Google	32	9133	3
 Viber	268	99524	9
-QUIC	3	194	1
+Amazon	71	24849	3
 
-	1	TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/SSL.Viber][cat: Chat][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][client: dl-media.viber.com][server: *.viber.com]
-	2	TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/SSL.Viber][cat: Chat][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][client: media.cdn.viber.com][server: *.cdn.viber.com]
-	3	TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91/SSL][cat: Web][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][client: brahe.apptimize.com][server: *.apptimize.com]
-	4	TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][32 pkts/6563 bytes <-> 26 pkts/2782 bytes]
-	5	TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91/SSL][cat: Web][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][client: app-measurement.com]
-	6	TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][client: mapi.apptimize.com][server: *.apptimize.com]
-	7	TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/SSL][cat: Web][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][client: venetia.iad.appboy.com][server: y.ssl.fastly.net]
-	8	TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][client: mapi.apptimize.com][server: *.apptimize.com]
-	9	UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][24 pkts/5035 bytes <-> 22 pkts/2302 bytes]
-	10	UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][25 pkts/4344 bytes <-> 18 pkts/1872 bytes]
-	11	ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network][1 pkts/1514 bytes <-> 1 pkts/1514 bytes]
-	12	UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com]
-	13	TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][4 pkts/272 bytes <-> 2 pkts/140 bytes]
-	14	TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][4 pkts/272 bytes <-> 2 pkts/140 bytes]
-	15	UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][4 pkts/412 bytes -> 0 pkts/0 bytes]
-	16	UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com]
-	17	UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com]
-	18	UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com]
-	19	UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com]
-	20	UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com]
-	21	UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188/QUIC][cat: Web][2 pkts/130 bytes <-> 1 pkts/64 bytes]
-	22	UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com]
-	23	UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com]
-	24	ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network][2 pkts/140 bytes -> 0 pkts/0 bytes]
-	25	UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes]
-	26	UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][1 pkts/76 bytes <-> 1 pkts/62 bytes]
+	1	TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/SSL.Viber][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][client: dl-media.viber.com][server: *.viber.com]
+	2	TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/SSL.Viber][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][client: media.cdn.viber.com][server: *.cdn.viber.com]
+	3	TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91.178/SSL.Amazon][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][client: brahe.apptimize.com][server: *.apptimize.com]
+	4	TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][cat: Chat/9][32 pkts/6563 bytes <-> 26 pkts/2782 bytes]
+	5	TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][client: app-measurement.com]
+	6	TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/SSL.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][client: mapi.apptimize.com][server: *.apptimize.com]
+	7	TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/SSL][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][client: venetia.iad.appboy.com][server: y.ssl.fastly.net]
+	8	TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/SSL.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][client: mapi.apptimize.com][server: *.apptimize.com]
+	9	UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: Chat/9][24 pkts/5035 bytes <-> 22 pkts/2302 bytes]
+	10	UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: Chat/9][25 pkts/4344 bytes <-> 18 pkts/1872 bytes]
+	11	ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes]
+	12	UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com]
+	13	TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes]
+	14	TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes]
+	15	UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes]
+	16	UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com]
+	17	UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com]
+	18	UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com]
+	19	UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com]
+	20	UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com]
+	21	UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188.126/QUIC.Google][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes]
+	22	UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com]
+	23	UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com]
+	24	ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes]
+	25	UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes]
+	26	UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes]
diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out
index 8f1e321a5..26b58b971 100644
--- a/tests/result/vnc.pcap.out
+++ b/tests/result/vnc.pcap.out
@@ -1,4 +1,4 @@
 VNC	4551	329158	2
 
-	1	TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][cat: RemoteAccess][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes]
-	2	TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][cat: RemoteAccess][684 pkts/54893 bytes <-> 324 pkts/17720 bytes]
+	1	TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][cat: RemoteAccess/12][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes]
+	2	TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][cat: RemoteAccess/12][684 pkts/54893 bytes <-> 324 pkts/17720 bytes]
diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out
index 6c87a3ce9..b964af613 100644
--- a/tests/result/waze.pcap.out
+++ b/tests/result/waze.pcap.out
@@ -1,45 +1,42 @@
-Unknown	10	786	1
 HTTP	28	1572	7
 NTP	2	180	1
 HTTP_Download	37	63205	1
-SSL_No_Cert	13	2142	1
 SSL	8	432	2
+Google	13	2142	1
 Waze	484	289335	19
 WhatsApp	15	1341	1
+Amazon	10	786	1
 
-	1	TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][server: *.world.waze.com]
-	2	TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net]
-	3	TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][cat: Web][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][server: *.world.waze.com]
-	4	TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][cat: Web][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][server: *.world.waze.com]
-	5	TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][cat: Web][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][server: *.world.waze.com]
-	6	TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][server: *.world.waze.com]
-	7	TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][cat: Web][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][server: *.world.waze.com]
-	8	TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][cat: Web][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][server: *.waze.com]
-	9	TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][cat: Web][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][server: *.waze.com]
-	10	TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][server: *.world.waze.com]
-	11	TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][server: *.world.waze.com]
-	12	TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][cat: Web][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][server: *.world.waze.com]
-	13	TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][cat: Web][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][server: *.waze.com]
-	14	TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com]
-	15	TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][cat: Web][7 pkts/1137 bytes <-> 6 pkts/1005 bytes]
-	16	TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com]
-	17	TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][cat: Chat][8 pkts/673 bytes <-> 7 pkts/668 bytes]
-	18	TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com]
-	19	TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com]
-	20	TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com]
-	21	TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com]
-	22	TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com]
-	23	TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes]
-	24	TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes]
-	25	TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes]
-	26	TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes]
-	27	TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/120 bytes <-> 2 pkts/108 bytes]
-	28	TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes]
-	29	TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes]
-	30	TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes]
-	31	TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][2 pkts/108 bytes <-> 2 pkts/108 bytes]
-	32	UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System][1 pkts/90 bytes <-> 1 pkts/90 bytes]
-
-
-Undetected flows:
-	1	TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][8 pkts/678 bytes <-> 2 pkts/108 bytes]
+	1	TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][server: *.world.waze.com]
+	2	TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net]
+	3	TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][server: *.world.waze.com]
+	4	TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][server: *.world.waze.com]
+	5	TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][server: *.world.waze.com]
+	6	TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web/5][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][server: *.world.waze.com]
+	7	TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][cat: Web/5][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][server: *.world.waze.com]
+	8	TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][cat: Web/5][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][server: *.waze.com]
+	9	TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][cat: Web/5][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][server: *.waze.com]
+	10	TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web/5][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][server: *.world.waze.com]
+	11	TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][server: *.world.waze.com]
+	12	TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][server: *.world.waze.com]
+	13	TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][server: *.waze.com]
+	14	TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com]
+	15	TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64.126/SSL_No_Cert.Google][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes]
+	16	TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com]
+	17	TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][cat: Chat/9][8 pkts/673 bytes <-> 7 pkts/668 bytes]
+	18	TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com]
+	19	TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com]
+	20	TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com]
+	21	TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com]
+	22	TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com]
+	23	TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 91.178/SSL.Amazon][cat: Web/5][8 pkts/678 bytes <-> 2 pkts/108 bytes]
+	24	TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes]
+	25	TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes]
+	26	TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes]
+	27	TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes]
+	28	TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes]
+	29	TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes]
+	30	TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes]
+	31	TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes]
+	32	TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes]
+	33	UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes]
diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out
index 4360e223b..ed5418eae 100644
--- a/tests/result/webex.pcap.out
+++ b/tests/result/webex.pcap.out
@@ -1,65 +1,65 @@
 HTTP	22	3182	2
 SSL_No_Cert	90	10682	5
-SSL	46	10727	4
+SSL	16	1159	3
 SIP	22	15356	1
 Google	17	6375	1
 Webex	1380	818407	43
-Amazon	3	174	1
+Amazon	33	9742	2
 
-	1	TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com]
-	2	TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com]
-	3	TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com]
-	4	TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com]
-	5	TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com]
-	6	TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com]
-	7	TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com]
-	8	UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP][22 pkts/15356 bytes -> 0 pkts/0 bytes]
-	9	TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: Collaborative][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com]
-	10	TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][cat: Web][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com]
-	11	TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com]
-	12	TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com]
-	13	TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: Collaborative][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com]
-	14	TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][cat: Collaborative][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com]
-	15	TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][cat: Collaborative][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com]
-	16	TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][cat: Collaborative][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com]
-	17	TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][cat: Collaborative][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com]
-	18	TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: Collaborative][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com]
-	19	TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][cat: Collaborative][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com]
-	20	TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com]
-	21	TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com]
-	22	TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com]
-	23	TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com]
-	24	TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][cat: Web][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com]
-	25	TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: Collaborative][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com]
-	26	TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][cat: Collaborative][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com]
-	27	TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][cat: Collaborative][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com]
-	28	TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][cat: Collaborative][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com]
-	29	TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: Collaborative][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com]
-	30	TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][cat: Collaborative][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com]
-	31	TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web][10 pkts/1465 bytes <-> 11 pkts/1065 bytes]
-	32	TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web][10 pkts/1388 bytes <-> 10 pkts/1087 bytes]
-	33	TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web][9 pkts/1357 bytes <-> 9 pkts/615 bytes]
-	34	TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web][9 pkts/1357 bytes <-> 9 pkts/615 bytes]
-	35	TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com]
-	36	TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web][7 pkts/1280 bytes <-> 6 pkts/453 bytes]
-	37	TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com]
-	38	UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][14 pkts/1071 bytes <-> 2 pkts/100 bytes]
-	39	TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com]
-	40	TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com]
-	41	TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes]
-	42	TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes]
-	43	TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes]
-	44	TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes]
-	45	TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes]
-	46	TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes]
-	47	TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes]
-	48	TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes]
-	49	TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][4 pkts/452 bytes <-> 4 pkts/216 bytes]
-	50	TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes]
-	51	TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][4 pkts/423 bytes <-> 4 pkts/216 bytes]
-	52	TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][4 pkts/299 bytes <-> 4 pkts/216 bytes]
-	53	TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][3 pkts/245 bytes <-> 2 pkts/108 bytes]
-	54	TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][3 pkts/209 bytes <-> 2 pkts/108 bytes]
-	55	TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][2 pkts/128 bytes <-> 1 pkts/54 bytes]
-	56	TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][1 pkts/66 bytes <-> 2 pkts/108 bytes]
-	57	TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 2 pkts/108 bytes]
+	1	TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com]
+	2	TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com]
+	3	TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com]
+	4	TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com]
+	5	TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com]
+	6	TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com]
+	7	TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com]
+	8	UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes]
+	9	TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com]
+	10	TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91.178/SSL.Amazon][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com]
+	11	TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com]
+	12	TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com]
+	13	TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com]
+	14	TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com]
+	15	TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com]
+	16	TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com]
+	17	TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com]
+	18	TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com]
+	19	TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com]
+	20	TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com]
+	21	TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com]
+	22	TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com]
+	23	TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com]
+	24	TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][cat: Web/5][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com]
+	25	TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com]
+	26	TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com]
+	27	TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com]
+	28	TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com]
+	29	TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com]
+	30	TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com]
+	31	TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes]
+	32	TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes]
+	33	TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes]
+	34	TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes]
+	35	TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com]
+	36	TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes]
+	37	TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com]
+	38	UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes]
+	39	TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com]
+	40	TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com]
+	41	TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/501 bytes <-> 4 pkts/216 bytes]
+	42	TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes]
+	43	TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes]
+	44	TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes]
+	45	TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes]
+	46	TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes]
+	47	TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes]
+	48	TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes]
+	49	TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes]
+	50	TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes]
+	51	TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes]
+	52	TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][4 pkts/299 bytes <-> 4 pkts/216 bytes]
+	53	TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][3 pkts/245 bytes <-> 2 pkts/108 bytes]
+	54	TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes]
+	55	TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][2 pkts/128 bytes <-> 1 pkts/54 bytes]
+	56	TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/SSL][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes]
+	57	TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/SSL.Amazon][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes]
diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out
index ad06329ad..716e4cb6a 100644
--- a/tests/result/wechat.pcap.out
+++ b/tests/result/wechat.pcap.out
@@ -13,106 +13,106 @@ LLMNR	12	944	6
 WeChat	1251	606425	49
 GoogleDocs	15	5114	2
 
-	1	TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes]
-	2	TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com]
-	3	TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com][server: web.wechat.com]
-	4	TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com][server: web.wechat.com]
-	5	TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com][server: web.wechat.com]
-	6	TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com][server: web.wechat.com]
-	7	TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com][server: web.wechat.com]
-	8	TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com][server: web.wechat.com]
-	9	TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com][server: web.wechat.com]
-	10	TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com][server: web.wechat.com]
-	11	TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com][server: web.wechat.com]
-	12	TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com][server: web.wechat.com]
-	13	TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com][server: web.wechat.com]
-	14	TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com][server: web.wechat.com]
-	15	TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com][server: web.wechat.com]
-	16	TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com]
-	17	TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com]
-	18	TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com][server: web.wechat.com]
-	19	TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com]
-	20	TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com]
-	21	TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][cat: Chat][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com]
-	22	TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][cat: Web][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com]
-	23	UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com]
-	24	UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][cat: Media][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com]
-	25	TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com]
-	26	TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: Chat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com]
-	27	TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com]
-	28	TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com]
-	29	TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com]
-	30	TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com]
-	31	TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: Chat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com][server: web.wechat.com]
-	32	UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network][44 pkts/4488 bytes -> 0 pkts/0 bytes]
-	33	UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com]
-	34	UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][44 pkts/3608 bytes -> 0 pkts/0 bytes]
-	35	TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes]
-	36	UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network][14 pkts/1428 bytes -> 0 pkts/0 bytes]
-	37	TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][10 pkts/660 bytes <-> 10 pkts/660 bytes]
-	38	UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][14 pkts/1148 bytes -> 0 pkts/0 bytes]
-	39	TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes]
-	40	TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes]
-	41	TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][3 pkts/802 bytes <-> 3 pkts/198 bytes]
-	42	UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System][9 pkts/828 bytes -> 0 pkts/0 bytes]
-	43	IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network][15 pkts/810 bytes -> 0 pkts/0 bytes]
-	44	UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System][3 pkts/751 bytes -> 0 pkts/0 bytes]
-	45	TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes]
-	46	TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 4 pkts/280 bytes]
-	47	UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][cat: Chat][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com]
-	48	TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes]
-	49	TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes]
-	50	TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes]
-	51	TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes]
-	52	TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes]
-	53	TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes]
-	54	TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes]
-	55	TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes]
-	56	TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes]
-	57	TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes]
-	58	TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes]
-	59	TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][5 pkts/290 bytes <-> 4 pkts/234 bytes]
-	60	TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 4 pkts/319 bytes]
-	61	TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes]
-	62	UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com]
-	63	TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 3 pkts/198 bytes]
-	64	TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes]
-	65	UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com]
-	66	TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes]
-	67	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica]
-	68	UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com]
-	69	UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com]
-	70	UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][cat: Media][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com]
-	71	IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network][4 pkts/216 bytes -> 0 pkts/0 bytes]
-	72	TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes]
-	73	IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network][4 pkts/200 bytes -> 0 pkts/0 bytes]
-	74	TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes]
-	75	UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz]
-	76	UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq]
-	77	UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc]
-	78	UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan]
-	79	UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/170 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org.lan]
-	80	UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
-	81	UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
-	82	UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org]
-	83	UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org]
-	84	UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web][2 pkts/158 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan]
-	85	UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz]
-	86	UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq]
-	87	UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc]
-	88	TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes -> 0 pkts/0 bytes]
-	89	TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes]
-	90	TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][1 pkts/66 bytes <-> 1 pkts/66 bytes]
-	91	TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes -> 0 pkts/0 bytes]
-	92	ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network][2 pkts/132 bytes -> 0 pkts/0 bytes]
-	93	0 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][cat: Network][1 pkts/110 bytes -> 0 pkts/0 bytes]
-	94	UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][cat: System][1 pkts/90 bytes -> 0 pkts/0 bytes]
-	95	UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan]
-	96	UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan]
-	97	ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][cat: Network][1 pkts/86 bytes -> 0 pkts/0 bytes]
-	98	UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
-	99	UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
-	100	UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: Chat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
-	101	UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan]
-	102	UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com]
-	103	IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network][1 pkts/54 bytes -> 0 pkts/0 bytes]
+	1	TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][88 pkts/15114 bytes <-> 91 pkts/61842 bytes]
+	2	TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com]
+	3	TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][client: web.wechat.com][server: web.wechat.com]
+	4	TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][client: web.wechat.com][server: web.wechat.com]
+	5	TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][client: web.wechat.com][server: web.wechat.com]
+	6	TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com][server: web.wechat.com]
+	7	TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][client: web.wechat.com][server: web.wechat.com]
+	8	TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com][server: web.wechat.com]
+	9	TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][client: web.wechat.com][server: web.wechat.com]
+	10	TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][client: web.wechat.com][server: web.wechat.com]
+	11	TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][client: web.wechat.com][server: web.wechat.com]
+	12	TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][client: web.wechat.com][server: web.wechat.com]
+	13	TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][client: web.wechat.com][server: web.wechat.com]
+	14	TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][client: web.wechat.com][server: web.wechat.com]
+	15	TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com][server: web.wechat.com]
+	16	TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com]
+	17	TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][client: web.wechat.com][server: web.wechat.com]
+	18	TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][client: web.wechat.com][server: web.wechat.com]
+	19	TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com]
+	20	TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com]
+	21	TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][cat: Chat/9][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com]
+	22	TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][cat: Web/5][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com]
+	23	UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com]
+	24	UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][cat: Media/1][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com]
+	25	TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com]
+	26	TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com]
+	27	TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com]
+	28	TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com]
+	29	TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com]
+	30	TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][client: web.wechat.com][server: web.wechat.com]
+	31	TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com][server: web.wechat.com]
+	32	UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/4488 bytes -> 0 pkts/0 bytes]
+	33	UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com]
+	34	UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes]
+	35	TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][2 pkts/2508 bytes -> 0 pkts/0 bytes]
+	36	UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1428 bytes -> 0 pkts/0 bytes]
+	37	TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][cat: Web/5][10 pkts/660 bytes <-> 10 pkts/660 bytes]
+	38	UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][14 pkts/1148 bytes -> 0 pkts/0 bytes]
+	39	TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][13 pkts/866 bytes <-> 4 pkts/280 bytes]
+	40	TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/1078 bytes -> 0 pkts/0 bytes]
+	41	TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][3 pkts/802 bytes <-> 3 pkts/198 bytes]
+	42	UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][9 pkts/828 bytes -> 0 pkts/0 bytes]
+	43	IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][15 pkts/810 bytes -> 0 pkts/0 bytes]
+	44	UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes]
+	45	TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 4 pkts/280 bytes]
+	46	TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 4 pkts/280 bytes]
+	47	UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][cat: Chat/9][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com]
+	48	TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes]
+	49	TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes]
+	50	TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes]
+	51	TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes]
+	52	TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes]
+	53	TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][9 pkts/594 bytes -> 0 pkts/0 bytes]
+	54	TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][cat: Web/5][4 pkts/264 bytes <-> 4 pkts/319 bytes]
+	55	TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 3 pkts/214 bytes]
+	56	TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][5 pkts/338 bytes <-> 3 pkts/214 bytes]
+	57	TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes]
+	58	TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][cat: Web/5][8 pkts/528 bytes -> 0 pkts/0 bytes]
+	59	TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/SSL][cat: Web/5][5 pkts/290 bytes <-> 4 pkts/234 bytes]
+	60	TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/198 bytes <-> 4 pkts/319 bytes]
+	61	TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][cat: Web/5][4 pkts/216 bytes <-> 4 pkts/253 bytes]
+	62	UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com]
+	63	TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][cat: Web/5][3 pkts/198 bytes <-> 3 pkts/198 bytes]
+	64	TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][6 pkts/396 bytes -> 0 pkts/0 bytes]
+	65	UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com]
+	66	TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][3 pkts/206 bytes <-> 2 pkts/148 bytes]
+	67	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica]
+	68	UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com]
+	69	UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com]
+	70	UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][cat: Media/1][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com]
+	71	IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][4 pkts/216 bytes -> 0 pkts/0 bytes]
+	72	TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes]
+	73	IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][4 pkts/200 bytes -> 0 pkts/0 bytes]
+	74	TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][2 pkts/132 bytes <-> 1 pkts/66 bytes]
+	75	UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz]
+	76	UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq]
+	77	UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc]
+	78	UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan]
+	79	UDP 192.168.1.103:42856 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/170 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org.lan]
+	80	UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
+	81	UDP 192.168.1.103:56367 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
+	82	UDP 192.168.1.103:41759 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 2.debian.pool.ntp.org]
+	83	UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org]
+	84	UDP 192.168.1.103:42074 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][2 pkts/158 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan]
+	85	UDP 192.168.1.100:54124 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz]
+	86	UDP 192.168.1.100:49832 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: cansaqcq]
+	87	UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc]
+	88	TCP 192.168.1.103:54106 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][2 pkts/132 bytes -> 0 pkts/0 bytes]
+	89	TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][1 pkts/66 bytes <-> 1 pkts/66 bytes]
+	90	TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][cat: SocialNetwork/6][1 pkts/66 bytes <-> 1 pkts/66 bytes]
+	91	TCP 192.168.1.103:54205 -> 64.233.167.188:443 [proto: 91.126/SSL.Google][cat: Web/5][2 pkts/132 bytes -> 0 pkts/0 bytes]
+	92	ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes]
+	93	0 [fe80::842:a3f3:a286:6c5b]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes]
+	94	UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes]
+	95	UDP 192.168.1.103:44346 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan]
+	96	UDP 192.168.1.103:53515 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/86 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan]
+	97	ICMPV6 [::]:0 -> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes]
+	98	UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
+	99	UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
+	100	UDP 192.168.1.103:58165 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][cat: SocialNetwork/6][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com]
+	101	UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan]
+	102	UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com]
+	103	IGMP 192.168.1.108:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/54 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out
index 16a72e025..b62f14fff 100644
--- a/tests/result/weibo.pcap.out
+++ b/tests/result/weibo.pcap.out
@@ -1,52 +1,51 @@
-DNS	11	1129	6
+DNS	10	1059	5
 HTTP	19	2275	5
 SSL	15	1234	10
-Google	10	660	5
+Google	33	4778	7
 Amazon	2	132	1
-QUIC	23	4118	2
-Sina(Weibo)	418	258007	15
+Sina(Weibo)	419	258077	16
 
-	1	TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn]
-	2	TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn]
-	3	TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com]
-	4	TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn]
-	5	TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn]
-	6	TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn]
-	7	TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn]
-	8	UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][cat: Web][8 pkts/1301 bytes <-> 6 pkts/873 bytes]
-	9	UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][cat: Web][5 pkts/963 bytes <-> 4 pkts/981 bytes]
-	10	TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com]
-	11	TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn]
-	12	TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn]
-	13	TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/382 bytes <-> 1 pkts/66 bytes][client: g.alicdn.com]
-	14	UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn]
-	15	UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn]
-	16	UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/72 bytes <-> 1 pkts/171 bytes][Host: g.alicdn.com]
-	17	UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/76 bytes <-> 1 pkts/166 bytes][Host: login.taobao.com]
-	18	UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork][1 pkts/81 bytes <-> 1 pkts/159 bytes][Host: u1.img.mobile.sina.cn]
-	19	UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/77 bytes <-> 1 pkts/157 bytes][Host: acjstb.aliyun.com]
-	20	UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork][1 pkts/73 bytes <-> 1 pkts/142 bytes][Host: www.weibo.com]
-	21	TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][2 pkts/140 bytes <-> 1 pkts/74 bytes]
-	22	TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][2 pkts/128 bytes <-> 1 pkts/66 bytes]
-	23	TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes]
-	24	TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][2 pkts/128 bytes <-> 1 pkts/66 bytes]
-	25	UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/74 bytes <-> 1 pkts/112 bytes][Host: log.mmstat.com]
-	26	UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/69 bytes <-> 1 pkts/85 bytes][Host: weibo.com]
-	27	TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes]
-	28	TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes]
-	29	TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes]
-	30	TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][1 pkts/66 bytes <-> 1 pkts/66 bytes]
-	31	TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes]
-	32	TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes]
-	33	UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: account.weibo.com]
-	34	TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	35	TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	36	TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	37	TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	38	TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	39	TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	40	TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	41	TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	42	TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][1 pkts/74 bytes -> 0 pkts/0 bytes]
-	43	UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com]
-	44	UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5/DNS][cat: Network][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn]
+	1	TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn]
+	2	TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn]
+	3	TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com]
+	4	TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn]
+	5	TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn]
+	6	TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn]
+	7	TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn]
+	8	UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188.126/QUIC.Google][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes]
+	9	UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes]
+	10	TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com]
+	11	TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn]
+	12	TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn]
+	13	TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][client: g.alicdn.com]
+	14	UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn]
+	15	UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn]
+	16	UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/171 bytes][Host: g.alicdn.com]
+	17	UDP 192.168.1.105:33822 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/166 bytes][Host: login.taobao.com]
+	18	UDP 192.168.1.105:18035 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/81 bytes <-> 1 pkts/159 bytes][Host: u1.img.mobile.sina.cn]
+	19	UDP 192.168.1.105:50640 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/157 bytes][Host: acjstb.aliyun.com]
+	20	UDP 192.168.1.105:7148 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/73 bytes <-> 1 pkts/142 bytes][Host: www.weibo.com]
+	21	TCP 192.168.1.105:35808 <-> 93.188.134.246:80 [proto: 7/HTTP][cat: Web/5][2 pkts/140 bytes <-> 1 pkts/74 bytes]
+	22	TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes]
+	23	TCP 192.168.1.105:59120 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes]
+	24	TCP 192.168.1.105:59121 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/66 bytes]
+	25	UDP 192.168.1.105:53466 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/112 bytes][Host: log.mmstat.com]
+	26	UDP 192.168.1.105:54988 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/69 bytes <-> 1 pkts/85 bytes][Host: weibo.com]
+	27	TCP 192.168.1.105:34699 <-> 216.58.212.65:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes]
+	28	TCP 192.168.1.105:35154 <-> 216.58.210.206:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes]
+	29	TCP 192.168.1.105:37802 <-> 216.58.212.69:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes]
+	30	TCP 192.168.1.105:40440 <-> 54.225.163.210:443 [proto: 91.178/SSL.Amazon][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes]
+	31	TCP 192.168.1.105:58480 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes]
+	32	TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91.126/SSL.Google][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes]
+	33	UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: account.weibo.com]
+	34	TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	35	TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	36	TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	37	TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	38	TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	39	TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	40	TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	41	TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	42	TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/SSL][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes]
+	43	UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes -> 0 pkts/0 bytes][Host: data.weibo.com]
+	44	UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/70 bytes -> 0 pkts/0 bytes][Host: c.weibo.cn]
diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out
index cb4d94650..666b3d70a 100644
--- a/tests/result/whatsapp_login_call.pcap.out
+++ b/tests/result/whatsapp_login_call.pcap.out
@@ -2,72 +2,72 @@ Unknown	27	2322	2
 HTTP	11	726	3
 MDNS	8	952	4
 DHCP	10	3420	1
-STUN	70	9464	14
 ICMP	10	700	1
 SSL	8	589	2
 Dropbox	4	2176	1
 Apple	105	22176	19
 WhatsApp	182	25154	2
 Spotify	3	258	1
+Messenger	70	9464	14
 WhatsAppVoice	706	91156	4
 AppleStore	85	28087	2
 ApplePush	22	5926	1
 
-	1	UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][cat: VoIP][186 pkts/27025 bytes <-> 278 pkts/25895 bytes]
-	2	UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][cat: VoIP][141 pkts/17530 bytes <-> 57 pkts/12888 bytes]
-	3	TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][cat: Chat][100 pkts/14711 bytes <-> 80 pkts/10163 bytes]
-	4	TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][cat: SoftwareUpdate][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com]
-	5	TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][cat: Web][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com]
-	6	TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][cat: SoftwareUpdate][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com]
-	7	TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][cat: Cloud][11 pkts/4732 bytes <-> 11 pkts/1194 bytes]
-	8	UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP][12 pkts/2341 bytes <-> 12 pkts/2484 bytes]
-	9	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac]
-	10	UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP][9 pkts/1842 bytes <-> 11 pkts/1151 bytes]
-	11	UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud][4 pkts/2176 bytes -> 0 pkts/0 bytes]
-	12	TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][9 pkts/1130 bytes <-> 8 pkts/868 bytes]
-	13	ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network][10 pkts/700 bytes -> 0 pkts/0 bytes]
-	14	UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	15	UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	16	UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	17	UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	18	UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	19	UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	20	UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	21	UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	22	UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	23	UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	24	UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	25	UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	26	UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	27	UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	28	TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes]
-	29	TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][3 pkts/198 bytes <-> 2 pkts/132 bytes]
-	30	UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][cat: Web][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com]
-	31	UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e13.whatsapp.net]
-	32	UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][cat: Streaming][3 pkts/258 bytes -> 0 pkts/0 bytes]
-	33	UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network][2 pkts/258 bytes -> 0 pkts/0 bytes]
-	34	UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network][2 pkts/258 bytes -> 0 pkts/0 bytes]
-	35	UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][2 pkts/218 bytes -> 0 pkts/0 bytes]
-	36	UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][2 pkts/218 bytes -> 0 pkts/0 bytes]
-	37	TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes]
-	38	TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][2 pkts/132 bytes <-> 1 pkts/66 bytes]
-	39	TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][2 pkts/132 bytes <-> 1 pkts/66 bytes]
-	40	TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][2 pkts/132 bytes <-> 1 pkts/66 bytes]
-	41	TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	42	TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	43	TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	44	TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	45	TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	46	TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	47	TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	48	TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	49	TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	50	TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	51	TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	52	TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	53	TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	54	TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
-	55	TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	1	UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][cat: VoIP/10][186 pkts/27025 bytes <-> 278 pkts/25895 bytes]
+	2	UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][cat: VoIP/10][141 pkts/17530 bytes <-> 57 pkts/12888 bytes]
+	3	TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][cat: Chat/9][100 pkts/14711 bytes <-> 80 pkts/10163 bytes]
+	4	TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][cat: SoftwareUpdate/19][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com]
+	5	TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][client: query.ess.apple.com][server: *.ess.apple.com]
+	6	TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][cat: SoftwareUpdate/19][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com]
+	7	TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238/ApplePush][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes]
+	8	UDP 192.168.2.4:51518 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][12 pkts/2341 bytes <-> 12 pkts/2484 bytes]
+	9	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][10 pkts/3420 bytes -> 0 pkts/0 bytes][Host: lucas-imac]
+	10	UDP 192.168.2.4:52794 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][9 pkts/1842 bytes <-> 11 pkts/1151 bytes]
+	11	UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/2176 bytes -> 0 pkts/0 bytes]
+	12	TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][cat: Web/5][9 pkts/1130 bytes <-> 8 pkts/868 bytes]
+	13	ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes]
+	14	UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	15	UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	16	UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	17	UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	18	UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	19	UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	20	UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	21	UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	22	UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	23	UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	24	UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	25	UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	26	UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	27	UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	28	TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/217 bytes]
+	29	TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes <-> 2 pkts/132 bytes]
+	30	UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com]
+	31	UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e13.whatsapp.net]
+	32	UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][cat: Streaming/17][3 pkts/258 bytes -> 0 pkts/0 bytes]
+	33	UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes]
+	34	UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes]
+	35	UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/218 bytes -> 0 pkts/0 bytes]
+	36	UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/218 bytes -> 0 pkts/0 bytes]
+	37	TCP 192.168.2.4:49173 <-> 93.186.135.82:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes]
+	38	TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes]
+	39	TCP 192.168.2.4:49194 <-> 93.62.150.157:443 [proto: 91/SSL][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes]
+	40	TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes]
+	41	TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	42	TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	43	TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	44	TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	45	TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	46	TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	47	TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	48	TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	49	TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	50	TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	51	TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	52	TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	53	TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	54	TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
+	55	TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/54 bytes]
 
 
 Undetected flows:
diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out
index 0972ccc15..324b0cd4c 100644
--- a/tests/result/whatsapp_login_chat.pcap.out
+++ b/tests/result/whatsapp_login_chat.pcap.out
@@ -6,12 +6,12 @@ WhatsApp	32	3243	2
 Spotify	1	86	1
 ApplePush	6	2095	1
 
-	1	TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][24 pkts/15117 bytes <-> 20 pkts/6254 bytes]
-	2	TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][cat: Chat][17 pkts/1794 bytes <-> 13 pkts/1169 bytes]
-	3	TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][cat: Cloud][6 pkts/2095 bytes -> 0 pkts/0 bytes]
-	4	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac]
-	5	UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud][2 pkts/1088 bytes -> 0 pkts/0 bytes]
-	6	UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net]
-	7	UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network][1 pkts/111 bytes -> 0 pkts/0 bytes]
-	8	UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network][1 pkts/91 bytes -> 0 pkts/0 bytes]
-	9	UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][cat: Streaming][1 pkts/86 bytes -> 0 pkts/0 bytes]
+	1	TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][cat: Web/5][24 pkts/15117 bytes <-> 20 pkts/6254 bytes]
+	2	TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][cat: Chat/9][17 pkts/1794 bytes <-> 13 pkts/1169 bytes]
+	3	TCP 17.110.229.14:5223 -> 192.168.2.4:49193 [proto: 238/ApplePush][cat: Cloud/13][6 pkts/2095 bytes -> 0 pkts/0 bytes]
+	4	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][6 pkts/2052 bytes -> 0 pkts/0 bytes][Host: lucas-imac]
+	5	UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][2 pkts/1088 bytes -> 0 pkts/0 bytes]
+	6	UDP 192.168.2.4:61697 <-> 192.168.2.1:53 [proto: 5.142/DNS.WhatsApp][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/204 bytes][Host: e12.whatsapp.net]
+	7	UDP [fe80::189c:c31b:1298:224]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/111 bytes -> 0 pkts/0 bytes]
+	8	UDP 192.168.2.4:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes]
+	9	UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][cat: Streaming/17][1 pkts/86 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out
index e35e49fd3..a8bd6e497 100644
--- a/tests/result/whatsapp_voice_and_message.pcap.out
+++ b/tests/result/whatsapp_voice_and_message.pcap.out
@@ -1,17 +1,16 @@
-SkypeCallIn	9	1184	1
-STUN	35	4732	7
 WhatsApp	217	22139	5
+Messenger	44	5916	8
 
-	1	TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][cat: Chat][30 pkts/2539 bytes <-> 32 pkts/3070 bytes]
-	2	TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][cat: Chat][24 pkts/3029 bytes <-> 22 pkts/1961 bytes]
-	3	TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][cat: Chat][15 pkts/2690 bytes <-> 15 pkts/2019 bytes]
-	4	TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][cat: Chat][26 pkts/2311 bytes <-> 26 pkts/2300 bytes]
-	5	TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][cat: Chat][14 pkts/1123 bytes <-> 13 pkts/1097 bytes]
-	6	UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 125.49/Skype.SkypeCallIn][5 pkts/840 bytes <-> 4 pkts/344 bytes]
-	7	UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	8	UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	9	UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	10	UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	11	UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	12	UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
-	13	UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 119.78/Facebook.STUN][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	1	TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][cat: Chat/9][30 pkts/2539 bytes <-> 32 pkts/3070 bytes]
+	2	TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][cat: Chat/9][24 pkts/3029 bytes <-> 22 pkts/1961 bytes]
+	3	TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes]
+	4	TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][cat: Chat/9][26 pkts/2311 bytes <-> 26 pkts/2300 bytes]
+	5	TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][cat: Chat/9][14 pkts/1123 bytes <-> 13 pkts/1097 bytes]
+	6	UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][5 pkts/840 bytes <-> 4 pkts/344 bytes]
+	7	UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	8	UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	9	UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	10	UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	11	UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	12	UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
+	13	UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.157/STUN.Messenger][cat: Chat/9][3 pkts/504 bytes <-> 2 pkts/172 bytes]
diff --git a/tests/result/whatsappfiles.pcap.out b/tests/result/whatsappfiles.pcap.out
index 241e2d3e4..40d4fa391 100644
--- a/tests/result/whatsappfiles.pcap.out
+++ b/tests/result/whatsappfiles.pcap.out
@@ -1,4 +1,4 @@
 WhatsAppFiles	620	452233	2
 
-	1	TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 242/WhatsAppFiles][cat: Download-FileTransfer-FileSharing][132 pkts/9906 bytes <-> 178 pkts/237405 bytes]
-	2	TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 242/WhatsAppFiles][cat: Download-FileTransfer-FileSharing][161 pkts/189194 bytes <-> 149 pkts/15728 bytes]
+	1	TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 91.242/SSL.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes]
+	2	TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 91.242/SSL.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes]
diff --git a/tests/result/youtube_quic.pcap.out b/tests/result/youtube_quic.pcap.out
index 04388e419..79012ce78 100644
--- a/tests/result/youtube_quic.pcap.out
+++ b/tests/result/youtube_quic.pcap.out
@@ -1,6 +1,6 @@
 YouTube	258	178495	1
 Google	31	13144	2
 
-	1	UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][cat: Media][113 pkts/16111 bytes <-> 145 pkts/162384 bytes][Host: yt3.ggpht.com]
-	2	UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][cat: Web][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Host: googleads.g.doubleclick.net]
-	3	UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][cat: Web][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Host: pagead2.googlesyndication.com]
+	1	UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][cat: Media/1][113 pkts/16111 bytes <-> 145 pkts/162384 bytes][Host: yt3.ggpht.com]
+	2	UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][cat: Web/5][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Host: googleads.g.doubleclick.net]
+	3	UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][cat: Web/5][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Host: pagead2.googlesyndication.com]
diff --git a/tests/result/youtubeupload.pcap.out b/tests/result/youtubeupload.pcap.out
index b01ca251c..6e65c9abd 100644
--- a/tests/result/youtubeupload.pcap.out
+++ b/tests/result/youtubeupload.pcap.out
@@ -1,5 +1,5 @@
 YouTubeUpload	137	127038	3
 
-	1	UDP 192.168.2.27:51925 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][cat: Media][80 pkts/100473 bytes <-> 20 pkts/6003 bytes][Host: upload.youtube.com]
-	2	UDP 192.168.2.27:62232 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][cat: Media][13 pkts/8651 bytes <-> 11 pkts/6463 bytes][Host: upload.youtube.com]
-	3	TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/SSL.YouTubeUpload][cat: Media][6 pkts/649 bytes <-> 7 pkts/4799 bytes][client: upload.youtube.com][server: upload.video.google.com]
+	1	UDP 192.168.2.27:51925 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][cat: Media/1][80 pkts/100473 bytes <-> 20 pkts/6003 bytes][Host: upload.youtube.com]
+	2	UDP 192.168.2.27:62232 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][cat: Media/1][13 pkts/8651 bytes <-> 11 pkts/6463 bytes][Host: upload.youtube.com]
+	3	TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/SSL.YouTubeUpload][cat: Media/1][6 pkts/649 bytes <-> 7 pkts/4799 bytes][client: upload.youtube.com][server: upload.video.google.com]
diff --git a/tests/result/zcash.pcap.out b/tests/result/zcash.pcap.out
new file mode 100644
index 000000000..f144e4f21
--- /dev/null
+++ b/tests/result/zcash.pcap.out
@@ -0,0 +1,3 @@
+Mining	145	20644	1
+
+	1	TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes]