Diffstat (limited to 'tests/result/whois.pcapng.out')
-rw-r--r-- | tests/result/whois.pcapng.out | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/tests/result/whois.pcapng.out b/tests/result/whois.pcapng.out index 6f9f78883..bfd86498e 100644 --- a/tests/result/whois.pcapng.out +++ b/tests/result/whois.pcapng.out @@ -1,6 +1,8 @@ Guessed flow protos: 1 DPI Packets (TCP): 16 (5.33 pkts/flow) +Confidence Match by port : 1 (flows) +Confidence DPI : 2 (flows) TLS 7 2046 1 Whois-DAS 16 4294 2 
@@ -10,6 +12,6 @@ JA3 Host Stats: 1 10.17.34.139 1 - 1 TCP 192.30.45.30:43 -> 10.160.63.128:53217 [VLAN: 1908][proto: 170/Whois-DAS][ClearText][cat: Network/14][5 pkts/3410 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.33 sec][PLAIN TEXT ( Domain Name)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][Encrypted][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][ALPN: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] - 3 TCP 10.0.2.15:44188 <-> 192.0.47.59:43 [proto: 170/Whois-DAS][ClearText][cat: Network/14][6 pkts/357 bytes <-> 5 pkts/527 bytes][Goodput ratio: 4/44][0.30 sec][Hostname/SNI: example.com][bytes ratio: -0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/119 60/60 120/119 50/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/105 74/287 8/91][PLAIN TEXT (example.com)][Plen Bins: 50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.30.45.30:43 -> 10.160.63.128:53217 [VLAN: 1908][proto: 170/Whois-DAS][ClearText][Confidence: Match by port][cat: Network/14][5 pkts/3410 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.33 sec][PLAIN TEXT ( Domain Name)][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][ALPN: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known protocol on non standard port **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] + 3 TCP 10.0.2.15:44188 <-> 192.0.47.59:43 [proto: 170/Whois-DAS][ClearText][Confidence: DPI][cat: Network/14][6 pkts/357 bytes <-> 5 pkts/527 bytes][Goodput ratio: 4/44][0.30 sec][Hostname/SNI: example.com][bytes ratio: -0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/119 60/60 120/119 50/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/105 74/287 8/91][PLAIN TEXT (example.com)][Plen Bins: 50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |