3 files changed, 12 insertions, 0 deletions

diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index bce586c11..00b312a68 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1859,6 +1859,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
 #endif
     fprintf(out, "[DPI packets: %d]", flow->dpi_packets);
 
+    if(flow->num_packets_before_monitoring > 0)
+      fprintf(out, "[DPI packets before monitoring: %d]", flow->num_packets_before_monitoring);
+
     if(flow->detected_protocol.category != 0)
       fprintf(out, "[cat: %s/%u]",
 	      ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct,
diff --git a/example/reader_util.c b/example/reader_util.c
index ffa724800..10445f214 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1173,6 +1173,13 @@ static void process_ndpi_monitoring_info(struct ndpi_flow_info *flow) {
   if(!flow->ndpi_flow || !flow->ndpi_flow->monit)
     return;
 
+  if(flow->monitoring_state == 0 &&
+     flow->ndpi_flow->monitoring) {
+    /* We just moved to monitoring state */
+    flow->monitoring_state = 1;
+    flow->num_packets_before_monitoring = flow->ndpi_flow->packet_direction_complete_counter[0] + flow->ndpi_flow->packet_direction_complete_counter[1];
+  }
+
   /* In theory, we should check only for STUN.
      However since we sometimes might not have STUN in protocol classification
      (because we have only two protocols in flow->ndpi_flow->detected_protocol_stack[])
diff --git a/example/reader_util.h b/example/reader_util.h
index 4b9d90beb..5c4acbb90 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -217,6 +217,8 @@ typedef struct ndpi_flow_info {
   struct ndpi_fpc_info fpc;
   u_int16_t num_dissector_calls;
   u_int16_t dpi_packets;
+  u_int8_t monitoring_state;
+  u_int16_t num_packets_before_monitoring;
 
   // Flow data analysis
   pkt_timeval src2dst_last_pkt_time, dst2src_last_pkt_time, flow_last_pkt_time;