From 4802987178a0a49ea5ff4a01e92a35b5517734dc Mon Sep 17 00:00:00 2001
From: Luca <deri@ntop.org>
Date: Thu, 31 Oct 2019 00:14:20 +0100
Subject: Initial work towards HTTP content-type export

---
 example/ndpiReader.c                   |   5 +-
 example/reader_util.c                  |   2 +
 example/reader_util.h                  |   2 +-
 src/include/ndpi_typedefs.h            |   2 +-
 src/lib/ndpi_main.c                    |  23 ++++++-
 src/lib/ndpi_utils.c                   |  10 ++-
 src/lib/protocols/http.c               |  53 +++++++++------
 tests/result/1kxun.pcap.out            |  36 +++++------
 tests/result/6in4tunnel.pcap.out       |   2 +-
 tests/result/EAQ.pcap.out              |   4 +-
 tests/result/KakaoTalk_chat.pcap.out   |   4 +-
 tests/result/KakaoTalk_talk.pcap.out   |   3 +-
 tests/result/anyconnect-vpn.pcap.out   |  11 ++--
 tests/result/instagram.pcap.out        |  14 ++--
 tests/result/malware.pcap.out          |   2 +-
 tests/result/mpeg.pcap.out             |   2 +-
 tests/result/netflix.pcap.out          |  54 ++++++++--------
 tests/result/ocs.pcap.out              |  10 +--
 tests/result/pps.pcap.out              | 114 ++++++++++++++++-----------------
 tests/result/quickplay.pcap.out        |  42 ++++++------
 tests/result/starcraft_battle.pcap.out |  40 ++++++------
 tests/result/waze.pcap.out             |  16 ++---
 tests/result/webex.pcap.out            |   4 +-
 tests/result/weibo.pcap.out            |  20 +++---
 24 files changed, 260 insertions(+), 215 deletions(-)

diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 364ee6b50..268fea160 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1143,8 +1143,9 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
     }
 
     if(flow->http.url[0] != '\0')
-      fprintf(out, "[URL: %s][StatusCode: %u]",
-	      flow->http.url, flow->http.response_status_code);
+      fprintf(out, "[URL: %s][StatusCode: %u][ContentType: %s][UserAgent: %s]",
+	      flow->http.url, flow->http.response_status_code,
+	      flow->http.content_type, flow->http.user_agent);
     
     if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(flow->ssh_tls.ssl_version, &known_tls));
     if(flow->ssh_tls.client_info[0] != '\0') fprintf(out, "[Client: %s]", flow->ssh_tls.client_info);
diff --git a/example/reader_util.c b/example/reader_util.c
index 3d9fde695..44e02616e 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -980,6 +980,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
     if(flow->ndpi_flow->http.url != NULL) {
       snprintf(flow->http.url, sizeof(flow->http.url), "%s", flow->ndpi_flow->http.url);
       flow->http.response_status_code = flow->ndpi_flow->http.response_status_code;
+      snprintf(flow->http.content_type, sizeof(flow->http.content_type), "%s", flow->ndpi_flow->http.content_type ? flow->ndpi_flow->http.content_type : "");
+      snprintf(flow->http.user_agent, sizeof(flow->http.user_agent), "%s", flow->ndpi_flow->http.user_agent ? flow->ndpi_flow->http.user_agent : "");
     }
   } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_TELNET)) {
     snprintf(flow->telnet.username, sizeof(flow->telnet.username), "%s", flow->ndpi_flow->protos.telnet.username);
diff --git a/example/reader_util.h b/example/reader_util.h
index 3ca584c18..93df6b03a 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -194,7 +194,7 @@ typedef struct ndpi_flow_info {
   } ssh_tls;
 
   struct {
-    char url[256];
+    char url[256], content_type[64], user_agent[128];
     u_int response_status_code;
   } http;
   
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 1795ed5f1..04e439221 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1168,7 +1168,7 @@ struct ndpi_flow_struct {
   */
   struct {
     ndpi_http_method method;
-    char *url, *content_type;
+    char *url, *content_type, *user_agent;
     u_int8_t num_request_headers, num_response_headers;
     u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */
     u_int16_t response_status_code; /* 200, 404, etc. */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index ac8364761..3859bcb98 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3736,6 +3736,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
 
 	if(flow->http.url)          ndpi_free(flow->http.url);
 	if(flow->http.content_type) ndpi_free(flow->http.content_type);
+	if(flow->http.user_agent)   ndpi_free(flow->http.user_agent);
 
 	backup  = flow->num_processed_pkts;
 	backup1 = flow->guessed_protocol_id;
@@ -5067,15 +5068,30 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str,
 	     || strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) {
         packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[14];
         packet->content_line.len = packet->line[packet->parsed_lines].len - 14;
+
+	while((packet->content_line.len > 0) && (packet->content_line.ptr[0] == ' '))
+	  packet->content_line.len--, packet->content_line.ptr++;
+	
         packet->http_num_headers++;
       }
       /* "Content-Type:" header line in HTTP AGAIN. Probably a bogus response without space after ":" */
-      if(packet->line[packet->parsed_lines].len > 13
-	 && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) {
+      if((packet->content_line.len == 0)
+	 && (packet->line[packet->parsed_lines].len > 13)
+	 && (strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0)) {
         packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[13];
         packet->content_line.len = packet->line[packet->parsed_lines].len - 13;
         packet->http_num_headers++;
       }
+
+      if(packet->content_line.len > 0) {
+	/* application/json; charset=utf-8 */
+	char *c = strchr((char*)packet->content_line.ptr, ';');
+
+	if(c != NULL) {
+	  packet->content_line.len = c - (char*)packet->content_line.ptr;
+	}
+      }
+      
       /* "Accept:" header line in HTTP request. */
       if(packet->line[packet->parsed_lines].len > 8
 	 && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) {
@@ -6249,8 +6265,9 @@ int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_str,
 
 void ndpi_free_flow(struct ndpi_flow_struct *flow) {
   if(flow) {
-  if(flow->http.url)          ndpi_free(flow->http.url);
+  if(flow->http.url)            ndpi_free(flow->http.url);
     if(flow->http.content_type) ndpi_free(flow->http.content_type);
+    if(flow->http.user_agent)   ndpi_free(flow->http.user_agent);
 
     if(flow->l4_proto == IPPROTO_TCP) {
       if(flow->l4.tcp.tls_srv_cert_fingerprint_ctx)
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index dbe5d7901..f11f074cd 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -966,12 +966,20 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct,
     ndpi_serialize_end_of_block(serializer);
     break;
 
+  case NDPI_PROTOCOL_TELNET:
+    ndpi_serialize_start_of_block(serializer, "telnet");
+    ndpi_serialize_string_string(serializer, "username", flow->protos.telnet.username);
+    ndpi_serialize_end_of_block(serializer);
+    break;
+
   case NDPI_PROTOCOL_HTTP:
     ndpi_serialize_start_of_block(serializer, "http");
     if(flow->host_server_name[0] != '\0')
       ndpi_serialize_string_string(serializer, "hostname", (const char*)flow->host_server_name);
-    ndpi_serialize_string_string(serializer,   "url", flow->http.url);
+    ndpi_serialize_string_string(serializer,   "url", flow->http.url);    
     ndpi_serialize_string_uint32(serializer,   "code", flow->http.response_status_code);
+    ndpi_serialize_string_string(serializer,   "content_type", flow->http.content_type);
+    ndpi_serialize_string_string(serializer,   "user_agent", flow->http.user_agent);
     ndpi_serialize_end_of_block(serializer);
     break;
 
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index b73a1aeee..2525cfbd7 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -39,7 +39,7 @@ static int ndpi_search_http_tcp_again(struct ndpi_detection_module_struct *ndpi_
 #ifdef HTTP_DEBUG
   printf("=> %s()\n", __FUNCTION__);
 #endif
-  
+
   if((flow->host_server_name[0] != '\0') && (flow->http.response_status_code != 0)) {
     /* stop extra processing */
     flow->extra_packets_func = NULL; /* We're good now */
@@ -61,7 +61,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd
 
   if(flow->extra_packets_func && (flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN))
      return; /* Nothing new to add */
-     
+
   /* This is HTTP and it is not a sub protocol (e.g. skype or dropbox) */
   ndpi_search_tcp_or_udp(ndpi_struct, flow);
 
@@ -71,9 +71,9 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd
     ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_HTTP);
   } else
     ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_UNKNOWN);
-    
+
   /* This is necessary to inform the core to call this dissector again */
-  flow->check_extra_packets = 1;    
+  flow->check_extra_packets = 1;
   flow->max_extra_packets_to_check = 5;
   flow->extra_packets_func = ndpi_search_http_tcp_again;
   flow->http_detected = 1, flow->guessed_category = category;
@@ -134,9 +134,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
   struct ndpi_packet_struct *packet = &flow->packet;
 
   ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_UNKNOWN);
-  
-  if(flow->http_detected && (flow->http.response_status_code != 0))  
-    return;  
+
+  if(flow->http_detected && (flow->http.response_status_code != 0))
+    return;
 
 #if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI)
   /* PPStream */
@@ -200,17 +200,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
       }
     }
 
-    if((flow->http.content_type == NULL) && (packet->content_line.len > 0)) {
-      int len = packet->content_line.len + 1;
-
-      flow->http.content_type = ndpi_malloc(len);
-      if(flow->http.content_type) {
-	strncpy(flow->http.content_type, (char*)packet->content_line.ptr,
-		packet->content_line.len);
-	flow->http.content_type[packet->content_line.len] = '\0';
-      }
-    }  
-
   if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len != 0) {
     /**
        Format examples:
@@ -276,6 +265,17 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
       }
     }
 
+    if(flow->http.user_agent == NULL) {
+      int len = packet->user_agent_line.len + 1;
+
+      flow->http.user_agent = ndpi_malloc(len);
+      if(flow->http.user_agent) {
+	strncpy(flow->http.user_agent, (char*)packet->user_agent_line.ptr,
+		packet->user_agent_line.len);
+	flow->http.user_agent[packet->user_agent_line.len] = '\0';
+      }
+    }
+
     NDPI_LOG_DBG2(ndpi_struct, "User Agent Type line found %.*s\n",
 		  packet->user_agent_line.len, packet->user_agent_line.ptr);
   }
@@ -383,6 +383,17 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
     NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n",
 		  packet->content_line.len, packet->content_line.ptr);
 
+    if((flow->http.content_type == NULL) && (packet->content_line.len > 0)) {
+      int len = packet->content_line.len + 1;
+      
+      flow->http.content_type = ndpi_malloc(len);
+      if(flow->http.content_type) {
+	strncpy(flow->http.content_type, (char*)packet->content_line.ptr,
+		packet->content_line.len);
+	flow->http.content_type[packet->content_line.len] = '\0';
+      }
+    }
+    
     if(flow->http_detected) {
       ndpi_protocol_match_result ret_match;
 
@@ -491,7 +502,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
 	    flow->http.response_status_code = 0; /* Out of range */
 	}
 
-        ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP);
+	ndpi_parse_packet_line_info(ndpi_struct, flow);
         check_content_type_and_change_protocol(ndpi_struct, flow);
         return;
       }
@@ -615,7 +626,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
 	x++;
       }
 #endif
-      
+
 #if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI)
       /* check PPStream protocol or iQiyi service
 	 (iqiyi is delivered by ppstream) */
@@ -688,7 +699,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
 	flow->http_detected = 1;
 	NDPI_LOG_DBG2(ndpi_struct,
 		      "HTTP START Found, we will look further for the response...\n");
-	flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2      
+	flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2
         check_content_type_and_change_protocol(ndpi_struct, flow);
         return;
       }
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out
index 9e7358398..73d91f0af 100644
--- a/tests/result/1kxun.pcap.out
+++ b/tests/result/1kxun.pcap.out
@@ -19,42 +19,42 @@ JA3 Host Stats:
 	1	 192.168.5.16             	 2      
 
 
-	1	TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Web/5][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 189.9/321.4 862/665 235.6/194.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 58.0/1060.5 557/1078 44.0/127.3][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][PLAIN TEXT (GET /vlive.qq)]
-	2	TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472.5/1028.9 44994/45054 11986.3/6713.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 95.7/1209.9 416/1314 113.3/325.4][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][PLAIN TEXT (GET /video)]
-	3	TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3465.9/3.9 44999/62 11989.6/12.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 135.6/1145.0 415/1314 149.1/400.0][URL: pic.1kxun.com/video_kankan/images/videos/3578-ywzj.jpg][StatusCode: 200][PLAIN TEXT (GET /video)]
-	4	TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2648.9/11.6 44748/253 10524.9/44.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.1/1126.9 415/1314 133.3/398.1][URL: pic.1kxun.com/video_kankan/images/videos/3713-ydm.jpg][StatusCode: 200][PLAIN TEXT (GET /video)]
-	5	TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com][bytes ratio: -0.887 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3006.5/1410.1 44996/45052 11222.2/7838.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 128.2/1131.9 423/1314 145.2/402.7][URL: pic.1kxun.com/video_kankan/images/videos/4657-jfyj.jpg][StatusCode: 200][PLAIN TEXT (GET /video)]
-	6	TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15.8/8.0 194/109 46.1/23.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 87.5/1207.9 411/1314 102.3/329.2][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][PLAIN TEXT (GET /api/movies/mp4)]
-	7	TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11.6/6.1 66/65 22.8/18.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 100.8/1095.5 415/1314 118.8/461.2][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][PLAIN TEXT (GET /video)]
-	8	TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632.4/3.6 45001/65 14880.0/14.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.3/1099.3 415/1314 133.6/455.3][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][PLAIN TEXT (GET /video)]
-	9	TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 48.8/52.0 298/178 81.1/57.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235.8/538.8 499/1314 192.8/555.7][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][PLAIN TEXT (POST /api/proxy)]
-	10	TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 3.8/1.8 10/8 3.7/3.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.7/1102.8 334/1514 99.1/610.2][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)]
-	11	TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3.2/1.7 10/6 4.1/2.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.7/1060.2 334/1514 99.1/619.9][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)]
+	1	TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Web/5][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 189.9/321.4 862/665 235.6/194.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 58.0/1060.5 557/1078 44.0/127.3][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][ContentType: video/mp4][UserAgent: ][PLAIN TEXT (GET /vlive.qq)]
+	2	TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472.5/1028.9 44994/45054 11986.3/6713.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 95.7/1209.9 416/1314 113.3/325.4][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
+	3	TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3465.9/3.9 44999/62 11989.6/12.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 135.6/1145.0 415/1314 149.1/400.0][URL: pic.1kxun.com/video_kankan/images/videos/3578-ywzj.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
+	4	TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2648.9/11.6 44748/253 10524.9/44.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.1/1126.9 415/1314 133.3/398.1][URL: pic.1kxun.com/video_kankan/images/videos/3713-ydm.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
+	5	TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com][bytes ratio: -0.887 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3006.5/1410.1 44996/45052 11222.2/7838.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 128.2/1131.9 423/1314 145.2/402.7][URL: pic.1kxun.com/video_kankan/images/videos/4657-jfyj.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
+	6	TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15.8/8.0 194/109 46.1/23.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 87.5/1207.9 411/1314 102.3/329.2][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][ContentType: text/xml][UserAgent: ][PLAIN TEXT (GET /api/movies/mp4)]
+	7	TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11.6/6.1 66/65 22.8/18.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 100.8/1095.5 415/1314 118.8/461.2][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
+	8	TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632.4/3.6 45001/65 14880.0/14.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.3/1099.3 415/1314 133.6/455.3][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
+	9	TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 48.8/52.0 298/178 81.1/57.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235.8/538.8 499/1314 192.8/555.7][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][ContentType: application/x-www-form-urlencoded][UserAgent: Mozilla/5.0][PLAIN TEXT (POST /api/proxy)]
+	10	TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 3.8/1.8 10/8 3.7/3.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.7/1102.8 334/1514 99.1/610.2][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][ContentType: image/jpeg][UserAgent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)]
+	11	TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3.2/1.7 10/6 4.1/2.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.7/1060.2 334/1514 99.1/619.9][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][ContentType: image/jpeg][UserAgent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)]
 	12	UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 511.6/0.0 2044/0 526.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 557.6/0.0 590/0 29.6/0.0][PLAIN TEXT (NOTIFY )]
 	13	UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 511.5/0.0 2044/0 526.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 482/0 529.6/0.0 562/0 29.6/0.0][PLAIN TEXT (NOTIFY )]
 	14	TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352.0/2546.4 3289/14274 979.8/4917.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482.2/116.5 1514/386 581.5/101.3]
-	15	TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70.1/191.0 476/506 135.7/201.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197.2/200.0 499/372 175.9/149.1][URL: vv.video.qq.com/getvinfo][StatusCode: 100][PLAIN TEXT (POST /getvinfo HTTP/1.1)]
+	15	TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70.1/191.0 476/506 135.7/201.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197.2/200.0 499/372 175.9/149.1][URL: vv.video.qq.com/getvinfo][StatusCode: 100][ContentType: ][UserAgent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)]
 	16	UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3105.8/0.0 12289/0 3176.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342.0/0.0 342/0 0.0/0.0]
 	17	TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60.0/44.0 176/133 82.0/54.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512.5/459.4 1159/1464 468.4/535.8]
 	18	TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2322.6/4176.2 15252/15254 4895.4/5951.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178.1/210.4 1067/1055 287.5/323.1][TLSv1.2][Client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA]
 	19	TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746.1/1336.2 5987/5987 1865.2/2340.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177.7/210.4 1067/1055 287.4/323.1][TLSv1.2][Client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA]
 	20	TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753.4/1500.5 5998/5998 1982.3/2596.6][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 189.5/231.9 1067/1055 298.9/340.1][TLSv1.2][Client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA]
-	21	TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6.2/16.0 36/43 13.3/19.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141.0/456.4 390/1314 143.8/511.5][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][PLAIN TEXT (GET /api/videos/10410.j)]
+	21	TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6.2/16.0 36/43 13.3/19.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141.0/456.4 390/1314 143.8/511.5][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][ContentType: application/json][UserAgent: ][PLAIN TEXT (GET /api/videos/10410.j)]
 	22	TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 981.8/1763.2 6000/6000 1977.8/2381.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 176.6/158.4 1051/639 283.0/188.4][TLSv1.2][Client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA]
-	23	TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5638.9/28.5 44799/53 14801.4/24.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139.4/366.0 468/1272 164.4/523.1][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][PLAIN TEXT (GET /api/videos/10410.j)]
+	23	TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5638.9/28.5 44799/53 14801.4/24.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139.4/366.0 468/1272 164.4/523.1][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][ContentType: application/x-javascript][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)]
 	24	TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63.5/63.5 205/212 84.1/87.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201.2/297.4 471/1223 139.5/462.8]
 	25	UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488.2/0.0 17921/0 4136.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
-	26	TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7/HTTP][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5642.8/39.5 44798/70 14799.6/30.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 140.6/245.0 474/788 166.8/313.5][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][PLAIN TEXT (GET /api/videos/alsolikes/10410)]
-	27	TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28.5/41.5 74/83 34.4/41.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 142.8/216.8 486/687 171.7/271.5][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][PLAIN TEXT (GET /vlive.qq)]
+	26	TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7/HTTP][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5642.8/39.5 44798/70 14799.6/30.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 140.6/245.0 474/788 166.8/313.5][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][ContentType: application/json][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)]
+	27	TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28.5/41.5 74/83 34.4/41.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 142.8/216.8 486/687 171.7/271.5][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][ContentType: ][UserAgent: ][PLAIN TEXT (GET /vlive.qq)]
 	28	UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110.0/0.0 15056/0 4451.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	29	UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198.4/0.0 14952/0 3584.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	30	UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4679.7/0.0 19869/0 5063.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
-	31	TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2390.6/3919.0 11352/11551 4481.4/5397.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142.3/197.2 331/390 116.9/157.4][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)]
+	31	TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2390.6/3919.0 11352/11551 4481.4/5397.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142.3/197.2 331/390 116.9/157.4][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][ContentType: text/html][UserAgent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][PLAIN TEXT (GET /comMagicanApi/composite/ap)]
 	32	UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5540.9/0.0 19870/0 5204.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	33	UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631.2/0.0 15155/0 3854.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179.0/0.0 179/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	34	UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126.4/0.0 24065/0 7503.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179.0/0.0 179/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	35	UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5631.9/0.0 18024/0 4842.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
-	36	TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 53.9/119.0 318/119 106.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88.0/190.7 212/446 62.2/180.6][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][PLAIN TEXT (GET /api/qq)]
+	36	TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 53.9/119.0 318/119 106.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88.0/190.7 212/446 62.2/180.6][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][ContentType: ][UserAgent: Mozilla/5.0][PLAIN TEXT (GET /api/qq)]
 	37	UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5441.7/0.0 17101/0 4875.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179.0/0.0 179/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	38	UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8173.7/0.0 27242/0 8848.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	39	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)]
diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out
index e7bc6d0f4..34879997f 100644
--- a/tests/result/6in4tunnel.pcap.out
+++ b/tests/result/6in4tunnel.pcap.out
@@ -12,7 +12,7 @@ JA3 Host Stats:
 	1	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 52.8/36.3 142/142 56.7/54.5][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165.1/934.6 629/1847 138.8/679.8][TLSv1.2][Client: mail.tomasu.net][JA3C: 812d8bce0f85487ba7834d36568ed586][Server: mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Certificate SHA-1: 9C:00:A2:31:8F:66:C6:E2:D8:E8:1E:6F:52:49:AD:15:0A:8B:7C:68][Validity: 2014-01-29 00:00:00 - 2019-01-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
 	2	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20.1/23.5 98/97 33.1/35.6][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383.0/468.8 1504/1911 467.5/575.9][TLSv1.2][Client: www.facebook.com][JA3C: eb7cdd4e7dea7a11b3016c3c9acbd2a3][Server: *.facebook.com][JA3S: 6806b8fe92d7d465715d771eb102ff04][Organization: Facebook, Inc.][Certificate SHA-1: 93:C6:FD:1A:84:90:BB:F1:B2:3B:49:A0:9B:1F:6F:0B:46:7A:31:41][Validity: 2014-08-28 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
 	3	ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1000.8/1000.8 1001/1012 0.4/4.2][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138.0/138.0 138/138 0.0/0.0]
-	4	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 163.8/56.0 495/110 170.8/54.0][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131.0/251.5 248/680 52.4/247.4][URL: mail.tomasu.net/][StatusCode: 301][PLAIN TEXT (GET / HTTP/1.1)]
+	4	TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Host: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 163.8/56.0 495/110 170.8/54.0][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131.0/251.5 248/680 52.4/247.4][URL: mail.tomasu.net/][StatusCode: 301][ContentType: text/html][UserAgent: Wget/1.16.3 (linux-gnu)][PLAIN TEXT (GET / HTTP/1.1)]
 	5	ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][PLAIN TEXT (ds 0/u6)]
 	6	UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/273 bytes][Host: star.c10r.facebook.com][PLAIN TEXT (facebook)]
 	7	UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/133 bytes <-> 1 pkts/261 bytes][Host: star.c10r.facebook.com][PLAIN TEXT (facebook)]
diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out
index f61f5b11d..d159305ab 100644
--- a/tests/result/EAQ.pcap.out
+++ b/tests/result/EAQ.pcap.out
@@ -1,8 +1,8 @@
 Google	23	11743	2
 EAQ	174	10092	29
 
-	1	TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 76.3/114.2 400/349 145.8/136.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 73.9/1666.3 193/2818 45.5/1240.4][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg][StatusCode: 200][PLAIN TEXT (we50oDAAg HTTP/1.1)]
-	2	TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 50.8/49.5 139/89 54.1/39.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.0/191.0 154/602 38.8/237.3][URL: www.google.com/][StatusCode: 302][PLAIN TEXT (GET / HTTP/1.1)]
+	1	TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Host: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 76.3/114.2 400/349 145.8/136.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 73.9/1666.3 193/2818 45.5/1240.4][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg][StatusCode: 200][ContentType: text/html][UserAgent: test][PLAIN TEXT (we50oDAAg HTTP/1.1)]
+	2	TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Host: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 50.8/49.5 139/89 54.1/39.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.0/191.0 154/602 38.8/237.3][URL: www.google.com/][StatusCode: 302][ContentType: text/html][UserAgent: test][PLAIN TEXT (GET / HTTP/1.1)]
 	3	UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21509/21499 21642.0/21641.8 21860/21869 132.0/138.2][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58.0/58.0 58/58 0.0/0.0]
 	4	UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20533/20540 21310.5/21309.5 21609/21619 449.8/445.7][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58.0/58.0 58/58 0.0/0.0]
 	5	UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20541/20540 21309.5/21304.5 21618/21649 445.1/444.9][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58.0/58.0 58/58 0.0/0.0]
diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out
index 860c1c2ee..2d09187a8 100644
--- a/tests/result/KakaoTalk_chat.pcap.out
+++ b/tests/result/KakaoTalk_chat.pcap.out
@@ -23,8 +23,8 @@ JA3 Host Stats:
 	8	TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2833.0/4340.0 12590/13131 4126.4/4406.8][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131.2/188.3 657/274 136.4/75.5]
 	9	TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3455.9/3426.0 12765/12806 4427.1/4479.6][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193.0/74.7 303/98 122.5/20.9]
 	10	TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91.178/TLS.Amazon][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107.0/56.5 199/108 92.0/51.5][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 96.7/533.3 146/1456 35.0/652.4][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][Server: *.push.samsungosp.com][JA3S: 986d18bb49fadf70a73a06ead3780d55 (INSECURE)][Organization: SAMSUNG ELECTRONICS CO., LTD][Certificate SHA-1: CE:C6:14:8F:23:A0:C2:C9:C5:9A:B0:BB:EC:1D:4A:7E:33:2A:43:12][Validity: 1999-12-31 15:02:10 - 2049-12-18 15:02:10][Cipher: TLS_RSA_WITH_RC4_128_MD5]
-	11	TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 114.7/101.7 264/210 105.6/76.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/104.5 243/339 73.2/104.9][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
-	12	TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5451.5/101.3 21457/215 9241.2/80.5][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/114.2 243/339 73.2/112.4][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
+	11	TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Host: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 114.7/101.7 264/210 105.6/76.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/104.5 243/339 73.2/104.9][URL: www.facebook.com/mobile/status.php][StatusCode: 204][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
+	12	TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Host: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5451.5/101.3 21457/215 9241.2/80.5][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97.4/114.2 243/339 73.2/112.4][URL: www.facebook.com/mobile/status.php][StatusCode: 204][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
 	13	TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][cat: Web/5][7 pkts/392 bytes <-> 7 pkts/392 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 136/98 3845.2/3844.4 13075/13111 4718.5/4734.8][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 56.0/56.0 56/56 0.0/0.0]
 	14	TCP 10.24.82.188:42332 <-> 210.103.240.15:443 [proto: 91/TLS][cat: Web/5][2 pkts/112 bytes <-> 3 pkts/168 bytes]
 	15	TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][2 pkts/139 bytes <-> 2 pkts/112 bytes]
diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out
index 8093905de..065143677 100644
--- a/tests/result/KakaoTalk_talk.pcap.out
+++ b/tests/result/KakaoTalk_talk.pcap.out
@@ -20,7 +20,8 @@ JA3 Host Stats:
 	5	TCP 10.24.82.188:59954 <-> 173.252.88.128:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][15 pkts/2932 bytes <-> 14 pkts/1092 bytes][bytes ratio: 0.457 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 140.8/117.3 494/295 163.1/91.9][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 195.5/78.0 735/189 228.1/34.6][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 07dddc59e60135c7b479d39c3ae686af][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA]
 	6	UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][12 pkts/1692 bytes <-> 10 pkts/1420 bytes][bytes ratio: 0.087 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1062/3176 4202.8/4246.6 4716/5160 1130.8/719.3][Pkt Len c2s/s2c min/avg/max/stddev: 122/142 141.0/142.0 150/142 6.1/0.0]
 	7	UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1105/1052 4266.5/3766.4 4903/4991 1244.7/1143.7][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 140.2/140.2 142/142 5.7/5.7]
-	8	TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 406.0/438.7 2019/1166 732.2/514.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 139.6/87.1 665/262 198.8/71.4][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][PLAIN TEXT (POST http)]
+	8	TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 406.0/438.7 2019/1166 732.2/514.7][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 139.6/87.1 665/262 198.8/71.4][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][ContentType: application/octet-stream
+Content-Disposition: attachment][UserAgent: MicroMessenger Client][PLAIN TEXT (POST http)]
 	9	TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][cat: Web/5][6 pkts/543 bytes <-> 5 pkts/945 bytes][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 77/47 4920.2/8061.3 17431/17434 6679.4/7162.9][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 90.5/189.0 130/504 24.3/164.1]
 	10	TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes]
 	11	TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][cat: Web/5][2 pkts/225 bytes <-> 2 pkts/171 bytes][PLAIN TEXT (xiaomi.com)]
diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out
index 5a431f6df..887b740b7 100644
--- a/tests/result/anyconnect-vpn.pcap.out
+++ b/tests/result/anyconnect-vpn.pcap.out
@@ -26,12 +26,15 @@ JA3 Host Stats:
 	3	TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 90.8/63.5 593/619 144.9/135.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185.3/270.7 1261/1434 259.0/387.4][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
 	4	TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.8/26.1 48/88 21.3/28.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171.2/522.5 1175/1514 273.9/624.5][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][Server: *.pandion.viasat.com][JA3S: 01cbbd332fc4ce7d5925ebd825882842 (WEAK)][Organization: Viasat Inc.][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
 	5	TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866.5/28.1 11074/80 2946.8/34.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184.3/170.5 853/487 228.0/155.1][TLSv1.2][Client: slack.com][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
-	6	TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][cat: Web/5][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Host: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824.1/3641.6 10081/10083 3592.5/4384.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 191.9/340.3 373/450 153.1/173.5][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][PLAIN TEXT (GET /success.txt)]
+	6	TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][cat: Web/5][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Host: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824.1/3641.6 10081/10083 3592.5/4384.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 191.9/340.3 373/450 153.1/173.5][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][ContentType: ][UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)]
 	7	TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 161/CiscoVPN][cat: VPN/2][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648.5/5003.6 5001/5006 2494.5/1.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121.0/176.0 176/176 55.0/0.0]
 	8	ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3027.8/0.0 3072/0 84.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174.0/0.0 174/0 0.0/0.0]
-	9	TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Host: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4.0/3.7 9/6 3.2/1.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108.3/333.6 308/1206 89.4/442.2][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)]
-	10	TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][cat: Web/5][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Host: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694.2/6150.7 10081/10078 4344.1/4052.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 162.7/258.0 368/450 145.3/192.0][URL: detectportal.firefox.com/success.txt][StatusCode: 200][PLAIN TEXT (GET /success.txt HTTP/1.1)]
-	11	TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Host: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2.3/3.0 6/3 2.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131.8/467.0 317/1261 107.1/561.5][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][PLAIN TEXT (HGET /ssdp/device)]
+	9	TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Host: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4.0/3.7 9/6 3.2/1.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108.3/333.6 308/1206 89.4/442.2][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][ContentType: text/xml][UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)]
+	10	TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][cat: Web/5][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Host: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694.2/6150.7 10081/10078 4344.1/4052.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 162.7/258.0 368/450 145.3/192.0][URL: detectportal.firefox.com/success.txt][StatusCode: 200][ContentType: ][UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)]
+	11	TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Host: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2.3/3.0 6/3 2.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131.8/467.0 317/1261 107.1/561.5][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][ContentType: application/xml
+
+<?xml version="1.0"?>
+<root xmlns="urn:sche][UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][PLAIN TEXT (HGET /ssdp/device)]
 	12	UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][9 pkts/1628 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174.0/0.0 11263/0 3646.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 180.9/0.0 206/0 23.9/0.0][PLAIN TEXT (companion)]
 	13	UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][cat: System/18][15 pkts/1542 bytes -> 0 pkts/0 bytes][Host: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464.8/0.0 1499/0 677.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 102.8/0.0 110/0 8.8/0.0][PLAIN TEXT ( EMFACNFCELEFFC)]
 	14	TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91.178/TLS.Amazon][cat: Web/5][8 pkts/847 bytes <-> 7 pkts/651 bytes][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340.0/2604.6 9634/9670 4129.5/3611.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105.9/93.0 131/129 30.9/31.2]
diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out
index f1496cbcd..ff029d269 100644
--- a/tests/result/instagram.pcap.out
+++ b/tests/result/instagram.pcap.out
@@ -12,10 +12,10 @@ JA3 Host Stats:
 
 
 	1	TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][103 pkts/150456 bytes <-> 47 pkts/3102 bytes][bytes ratio: 0.960 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18.6/40.9 1246/1247 136.9/216.6][Pkt Len c2s/s2c min/avg/max/stddev: 1128/66 1460.7/66.0 1464/66 32.9/0.0][PLAIN TEXT (dnlN/L)]
-	2	TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com][bytes ratio: -0.962 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.6/0.3 33/2 11.2/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/1484 86.0/1484.0 326/1484 69.3/0.0][URL: photos-h.ak.instagram.com/hphotos-ak-xap1/t51.2885-15/e35/10859994_1009433792434447_1627646062_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)]
-	3	TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.4/0.5 62/2 11.3/0.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/396 73.0/1435.2 326/1484 42.2/209.5][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11417349_1610424452559638_1559096152_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)]
-	4	TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244.3/12.2 7254/372 1260.5/65.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.7/1250.6 325/1484 55.7/506.8][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][StatusCode: 200][PLAIN TEXT (GET /hphotos)]
-	5	TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.5/0.3 321/2 76.4/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 76.5/1423.0 319/1484 50.6/248.6][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e15/11386524_110257619317430_379513654_n.jpg][StatusCode: 200][PLAIN TEXT (GET /hphotos)]
+	2	TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Host: photos-h.ak.instagram.com][bytes ratio: -0.962 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5.6/0.3 33/2 11.2/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/1484 86.0/1484.0 326/1484 69.3/0.0][URL: photos-h.ak.instagram.com/hphotos-ak-xap1/t51.2885-15/e35/10859994_1009433792434447_1627646062_n.jpg?se=7][StatusCode: 200][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)]
+	3	TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.4/0.5 62/2 11.3/0.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/396 73.0/1435.2 326/1484 42.2/209.5][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11417349_1610424452559638_1559096152_n.jpg?se=7][StatusCode: 200][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)]
+	4	TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Host: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244.3/12.2 7254/372 1260.5/65.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.7/1250.6 325/1484 55.7/506.8][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][StatusCode: 200][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)]
+	5	TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Host: photos-g.ak.instagram.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.5/0.3 321/2 76.4/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 76.5/1423.0 319/1484 50.6/248.6][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e15/11386524_110257619317430_379513654_n.jpg][StatusCode: 200][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)]
 	6	TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][34 pkts/5555 bytes <-> 34 pkts/40133 bytes][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 364.1/362.3 7669/7709 1462.3/1471.7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163.4/1180.4 1431/1464 317.9/494.8]
 	7	TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1.2/1.3 7/7 1.7/1.7][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484.0/66.0 1484/66 0.0/0.0][PLAIN TEXT (inOCIM)]
 	8	TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][cat: Web/5][14 pkts/924 bytes <-> 20 pkts/28115 bytes][bytes ratio: -0.936 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 735.4/0.5 7321/3 2195.2/1.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66.0/1405.8 66/1484 0.0/309.0][PLAIN TEXT (dGQaNFV)]
@@ -27,13 +27,13 @@ JA3 Host Stats:
 	14	TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][8 pkts/896 bytes <-> 6 pkts/4671 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.8/12.0 71/47 27.1/20.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.0/778.5 292/1484 80.8/657.3][TLSv1][Client: igcdn-photos-a-a.akamaihd.net][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: a248.e.akamai.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Organization: Akamai Technologies Inc.][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
 	15	TCP 192.168.0.103:33763 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][5 pkts/1279 bytes <-> 6 pkts/4118 bytes][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64.0/51.0 254/202 109.7/87.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 255.8/686.3 1015/1464 379.6/610.1]
 	16	TCP 192.168.0.103:33935 <-> 31.13.93.52:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][5 pkts/1279 bytes <-> 5 pkts/4020 bytes][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53.8/43.0 215/172 93.1/74.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 255.8/804.0 1015/1464 379.6/595.0]
-	17	TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com][bytes ratio: -0.722 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 61.3/0.5 184/1 86.7/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 78/488 139.8/1152.0 325/1484 107.0/469.5][URL: photos-f.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11424623_1608163109450421_663315883_n.jpg?se=7][StatusCode: 0][PLAIN TEXT (GET /hphotos)]
+	17	TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][4 pkts/559 bytes <-> 3 pkts/3456 bytes][Host: photos-f.ak.instagram.com][bytes ratio: -0.722 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 61.3/0.5 184/1 86.7/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 78/488 139.8/1152.0 325/1484 107.0/469.5][URL: photos-f.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11424623_1608163109450421_663315883_n.jpg?se=7][StatusCode: 0][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)]
 	18	TCP 192.168.0.103:56382 <-> 173.252.107.4:443 [proto: 91.211/TLS.Instagram][cat: SocialNetwork/6][9 pkts/1583 bytes <-> 8 pkts/1064 bytes][bytes ratio: 0.196 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 93.7/79.8 183/182 81.8/80.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175.9/133.0 530/231 154.8/70.1][TLSv1][Client: telegraph-ash.instagram.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA3S: acb741bcdffb787c5a52654c78645bdf][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
 	19	UDP 192.168.0.106:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][cat: Cloud/13][4 pkts/580 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( 413767116)]
 	20	ICMP 192.168.0.103:0 -> 192.168.0.103:0 [proto: 81/ICMP][cat: Network/14][5 pkts/510 bytes -> 0 pkts/0 bytes]
 	21	UDP 192.168.0.103:51219 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/305 bytes][Host: igcdn-photos-h-a.akamaihd.net][PLAIN TEXT (photos)]
-	22	TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com][URL: photos-a.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11248829_853782121373976_909936934_n.jpg?se=7][StatusCode: 0][PLAIN TEXT (GET /hphotos)]
-	23	TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com][URL: photos-g.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11379284_1651416798408214_1525641466_n.jpg][StatusCode: 0][PLAIN TEXT (GET /hphotos)]
+	22	TCP 192.168.0.103:37350 -> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/324 bytes -> 0 pkts/0 bytes][Host: photos-a.ak.instagram.com][URL: photos-a.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11248829_853782121373976_909936934_n.jpg?se=7][StatusCode: 0][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)]
+	23	TCP 192.168.0.103:58053 -> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][cat: SocialNetwork/6][1 pkts/321 bytes -> 0 pkts/0 bytes][Host: photos-g.ak.instagram.com][URL: photos-g.ak.instagram.com/hphotos-ak-xfa1/t51.2885-15/e35/11379284_1651416798408214_1525641466_n.jpg][StatusCode: 0][ContentType: ][UserAgent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)]
 	24	UDP 192.168.0.103:26540 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-g-a.akamaihd.net][PLAIN TEXT (photos)]
 	25	UDP 192.168.0.103:33603 <-> 8.8.8.8:53 [proto: 5.211/DNS.Instagram][cat: SocialNetwork/6][1 pkts/89 bytes <-> 1 pkts/209 bytes][Host: igcdn-photos-a-a.akamaihd.net][PLAIN TEXT (photos)]
 	26	TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][cat: Web/5][2 pkts/132 bytes <-> 1 pkts/66 bytes]
diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out
index d0338986f..a82fe1a02 100644
--- a/tests/result/malware.pcap.out
+++ b/tests/result/malware.pcap.out
@@ -9,7 +9,7 @@ JA3 Host Stats:
 
 
 	1	TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91.225/TLS.OpenDNS][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71.1/74.8 240/249 99.0/103.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.4/651.1 571/1514 148.2/644.4][TLSv1.2][Client: www.internetbadguys.com][JA3C: f6ce47303dce394049af395fc6d0bc20][Server: api.opendns.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Organization: OpenDNS, Inc.][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
-	2	TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.225/HTTP.OpenDNS][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Host: www.internetbadguys.com][URL: www.internetbadguys.com/][StatusCode: 0][PLAIN TEXT (GET / HTTP/1.1)]
+	2	TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.225/HTTP.OpenDNS][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Host: www.internetbadguys.com][URL: www.internetbadguys.com/][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0][PLAIN TEXT (GET / HTTP/1.1)]
 	3	UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Host: www.internetbadguys.com][PLAIN TEXT (internetbadguys)]
 	4	ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes]
 	5	TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes]
diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out
index e36bf35a3..9f9198a73 100644
--- a/tests/result/mpeg.pcap.out
+++ b/tests/result/mpeg.pcap.out
@@ -1,3 +1,3 @@
 ntop	19	10643	1
 
-	1	TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][cat: Network/14][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.4/5.9 77/41 28.4/14.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/68 83.8/988.9 214/1502 46.2/649.2][URL: luca.ntop.org/0.mp3][StatusCode: 200][PLAIN TEXT (GET /0.mp)]
+	1	TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.26/HTTP.ntop][cat: Network/14][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.4/5.9 77/41 28.4/14.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/68 83.8/988.9 214/1502 46.2/649.2][URL: luca.ntop.org/0.mp3][StatusCode: 200][ContentType: audio/mpeg][UserAgent: Wget/1.16.3 (darwin14.1.0)][PLAIN TEXT (GET /0.mp)]
diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out
index 0e9ef088f..d8f56eed5 100644
--- a/tests/result/netflix.pcap.out
+++ b/tests/result/netflix.pcap.out
@@ -9,42 +9,44 @@ JA3 Host Stats:
 	1	 192.168.1.7              	 4      
 
 
-	1	TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33.1/21.3 522/505 50.6/40.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 75.7/1500.3 584/1514 68.6/116.2][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8][StatusCode: 206][PLAIN TEXT (oMrLRiWL2)]
-	2	TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117.0/55.1 5026/5044 455.1/247.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 80.3/1493.7 581/1514 81.4/139.9][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][PLAIN TEXT (oMrLRiWL)]
-	3	TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 193.6/107.2 26359/26393 1829.1/1320.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79.1/1487.1 582/1514 78.6/167.2][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10][StatusCode: 206][PLAIN TEXT (oMrLRiWL1)]
-	4	TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 418.0/45.1 30607/2159 2956.1/164.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78.6/1498.7 282/1514 20.9/140.2][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)]
+	1	TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Host: 23.246.11.141][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33.1/21.3 522/505 50.6/40.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 75.7/1500.3 584/1514 68.6/116.2][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8][StatusCode: 206][ContentType: ][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][PLAIN TEXT (oMrLRiWL2)]
+	2	TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Host: 23.246.3.140][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117.0/55.1 5026/5044 455.1/247.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 80.3/1493.7 581/1514 81.4/139.9][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][ContentType: ][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][PLAIN TEXT (oMrLRiWL)]
+	3	TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Host: 23.246.11.133][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 193.6/107.2 26359/26393 1829.1/1320.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79.1/1487.1 582/1514 78.6/167.2][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10][StatusCode: 206][ContentType: ][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][PLAIN TEXT (oMrLRiWL1)]
+	4	TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Host: tp.akam.nflximg.com][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 418.0/45.1 30607/2159 2956.1/164.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78.6/1498.7 282/1514 20.9/140.2][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][ContentType: text/plain][UserAgent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)]
 	5	TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1183.5/604.0 69170/69192 8779.7/6263.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1379.1 293/1514 38.8/401.2][TLSv1.2][Client: art-s.nflximg.net][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: secure.cdn.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Organization: Netflix, Inc.][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
-	6	TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 89.7/58.1 504/714 130.2/108.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 88.1/1463.8 582/1514 100.4/228.0][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][PLAIN TEXT (oMrLRiWL2)]
-	7	TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/12 1100.9/41.1 30978/402 5646.5/66.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.3/1455.7 311/1514 38.3/273.5][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][PLAIN TEXT (GET /5758)]
+	6	TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Host: 23.246.11.141][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 89.7/58.1 504/714 130.2/108.5][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 88.1/1463.8 582/1514 100.4/228.0][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][ContentType: ][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][PLAIN TEXT (oMrLRiWL2)]
+	7	TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Host: art-2.nflximg.net][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/12 1100.9/41.1 30978/402 5646.5/66.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.3/1455.7 311/1514 38.3/273.5][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /5758)]
 	8	TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 743.5/738.5 30450/30505 3962.3/4074.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 413.7/588.1 1514/1514 553.3/593.8][TLSv1.2][Client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
 	9	TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][bytes ratio: 0.727 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1378.0/2893.2 51181/51242 8187.7/11726.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1091.7/317.7 1514/1514 614.5/491.5][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-01 12:30:00 - 2029-01-01 12:30:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
-	10	TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 76.6/61.8 638/579 155.4/121.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1327.5 422/1514 70.8/457.1][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][PLAIN TEXT (GET /range/0)]
-	11	TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70.5/47.3 708/633 170.8/120.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89.0/1327.6 420/1514 74.7/456.9][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][PLAIN TEXT (GET /range/0)]
-	12	TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 424.7/42.9 3643/161 850.2/34.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.3/1378.5 312/1514 58.6/421.3][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][PLAIN TEXT (GET /af)]
-	13	TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 52.7/51.8 354/582 86.6/111.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87.0/1349.3 422/1514 75.3/442.6][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][PLAIN TEXT (GET /range/0)]
+	10	TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 76.6/61.8 638/579 155.4/121.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1327.5 422/1514 70.8/457.1][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
+	11	TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70.5/47.3 708/633 170.8/120.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89.0/1327.6 420/1514 74.7/456.9][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
+	12	TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Host: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 424.7/42.9 3643/161 850.2/34.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.3/1378.5 312/1514 58.6/421.3][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][ContentType: image/webp][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /af)]
+	13	TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 52.7/51.8 354/582 86.6/111.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87.0/1349.3 422/1514 75.3/442.6][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
 	14	TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1640.5/1231.6 30390/30443 6288.1/5475.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 210.9/964.4 1514/1514 376.2/637.4][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
-	15	TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 27.5/35.1 45/81 10.3/18.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101.8/1414.4 311/1514 64.1/365.9][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][PLAIN TEXT (GET /8b)]
-	16	TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267.2/77.0 1392/465 371.7/115.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.7/1294.6 424/1514 62.8/489.1][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][PLAIN TEXT (czGET /range/0)]
-	17	TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166.5/93.7 1389/1416 393.8/299.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97.4/1336.5 311/1514 80.8/428.1][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][PLAIN TEXT (GET /4e)]
-	18	TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092.2/20.9 30728/135 9212.0/28.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241.7/1136.3 1514/1514 404.6/584.3][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][PLAIN TEXT (POST /appboot/NFAPPL)]
-	19	TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 253.5/199.3 1162/1131 295.3/282.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.8/1202.6 424/1514 61.0/563.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][PLAIN TEXT (GET /range/0)]
-	20	TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245.2/164.8 985/775 248.3/180.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1202.6 423/1514 71.0/563.7][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][PLAIN TEXT (GET /range/0)]
-	21	TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 264.6/325.6 1355/1382 336.5/386.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.9/1274.6 423/1514 62.5/516.6][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][PLAIN TEXT (GET /range/0)]
+	15	TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Host: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 27.5/35.1 45/81 10.3/18.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101.8/1414.4 311/1514 64.1/365.9][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /8b)]
+	16	TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267.2/77.0 1392/465 371.7/115.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.7/1294.6 424/1514 62.8/489.1][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (czGET /range/0)]
+	17	TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Host: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166.5/93.7 1389/1416 393.8/299.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97.4/1336.5 311/1514 80.8/428.1][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /4e)]
+	18	TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Host: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092.2/20.9 30728/135 9212.0/28.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241.7/1136.3 1514/1514 404.6/584.3][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][ContentType: application/x-msl+json
+Date: Fri, 13 Jan 2017 14:50:48 GMT
+Se][UserAgent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /appboot/NFAPPL)]
+	19	TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 253.5/199.3 1162/1131 295.3/282.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.8/1202.6 424/1514 61.0/563.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
+	20	TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245.2/164.8 985/775 248.3/180.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.0/1202.6 423/1514 71.0/563.7][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
+	21	TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 264.6/325.6 1355/1382 336.5/386.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82.9/1274.6 423/1514 62.5/516.6][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
 	22	TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48.2/42.4 437/291 100.9/61.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290.2/895.3 1514/1514 441.6/626.2][TLSv1.2][Client: api-global.netflix.com][JA3C: d8bfad189bd26664e04570c104ee8418][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
-	23	TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 247.8/270.5 635/1046 213.2/317.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80.4/1159.2 426/1514 62.4/602.9][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][PLAIN TEXT (fGET /range/0)]
-	24	TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258.1/237.1 1250/1203 330.7/380.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.1 424/1514 58.1/550.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][PLAIN TEXT (GET /range/0)]
-	25	TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168.5/222.6 1162/1317 246.3/336.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.2 426/1514 60.5/550.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][PLAIN TEXT (GET /range/0)]
-	26	TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 297.7/146.2 1317/530 354.0/131.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85.1/1159.5 423/1514 63.5/589.6][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][PLAIN TEXT (GET /range/0)]
+	23	TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 247.8/270.5 635/1046 213.2/317.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80.4/1159.2 426/1514 62.4/602.9][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (fGET /range/0)]
+	24	TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258.1/237.1 1250/1203 330.7/380.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.1 424/1514 58.1/550.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
+	25	TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168.5/222.6 1162/1317 246.3/336.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84.2/1212.2 426/1514 60.5/550.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
+	26	TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 297.7/146.2 1317/530 354.0/131.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85.1/1159.5 423/1514 63.5/589.6][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
 	27	TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 47.7/84.3 332/331 94.1/94.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 810.9/308.7 1514/1514 699.9/492.9][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
 	28	TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.9/32.9 266/316 64.3/69.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237.4/739.0 1514/1514 406.7/541.9][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
-	29	TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222.2/250.0 636/1132 227.5/336.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.4/1180.4 424/1514 58.9/569.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][PLAIN TEXT (GET /range/0)]
-	30	TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238.4/289.2 1152/1208 301.3/406.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 84.7/1118.7 425/1514 60.1/613.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][PLAIN TEXT (GET /range/0)]
-	31	TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 254.8/290.4 811/1178 266.6/325.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1121.1 424/1514 63.5/610.6][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][PLAIN TEXT (GET /range/0)]
+	29	TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222.2/250.0 636/1132 227.5/336.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83.4/1180.4 424/1514 58.9/569.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
+	30	TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238.4/289.2 1152/1208 301.3/406.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 84.7/1118.7 425/1514 60.1/613.7][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
+	31	TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 254.8/290.4 811/1178 266.6/325.2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87.0/1121.1 424/1514 63.5/610.6][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /range/0)]
 	32	TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46.4/54.5 282/127 72.4/34.7][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 485.7/490.6 1514/1514 602.5/610.3][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-01 12:30:00 - 2029-01-01 12:30:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
-	33	TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2877.0/42.1 31088/123 8921.3/32.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714.4/500.3 1514/1514 676.3/651.2][URL: api-global.netflix.com/msl/nrdjs/2.1.2][StatusCode: 200][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)]
+	33	TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Host: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2877.0/42.1 31088/123 8921.3/32.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714.4/500.3 1514/1514 676.3/651.2][URL: api-global.netflix.com/msl/nrdjs/2.1.2][StatusCode: 200][ContentType: application/x-msl+json][UserAgent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)]
 	34	TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64.7/96.0 322/423 89.1/120.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314.5/696.8 1514/1514 477.1/667.4][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-01 12:30:00 - 2029-01-01 12:30:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
 	35	TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][bytes ratio: -0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2129.1/2946.1 30585/30636 7105.0/8237.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 274.0/414.4 1514/1514 437.3/546.1][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][Server: api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
-	36	TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565.4/33.9 30963/63 10780.3/17.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94.1/1119.8 311/1514 72.5/643.7][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][PLAIN TEXT (GET /87)]
+	36	TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Host: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565.4/33.9 30963/63 10780.3/17.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94.1/1119.8 311/1514 72.5/643.7][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /87)]
 	37	TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1923.1/15.8 30431/72 7360.8/24.2][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382.0/327.2 1514/1514 559.0/501.4][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
 	38	TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2017.3/13.7 30033/55 7487.5/20.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399.4/342.7 1514/1514 568.6/514.1][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][Server: customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
 	39	TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 217.9/303.2 2449/2522 644.8/743.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 325.2/386.1 1514/1514 478.5/534.2][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][Server: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Organization: Netflix, Inc.][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-01 12:30:00 - 2029-01-01 12:30:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out
index d68373272..7b719b0cf 100644
--- a/tests/result/ocs.pcap.out
+++ b/tests/result/ocs.pcap.out
@@ -11,16 +11,16 @@ JA3 Host Stats:
 	1	 192.168.180.2            	 4      
 
 
-	1	TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 63.9/0.0 3996/0 234.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 59.6/0.0 715/0 25.1/0.0][URL: ocu03.labgency.ws/catalog/vod?v=3][StatusCode: 0][PLAIN TEXT (POST /catalog/vod)]
+	1	TCP 192.168.180.2:49881 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][751 pkts/44783 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 63.9/0.0 3996/0 234.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 59.6/0.0 715/0 25.1/0.0][URL: ocu03.labgency.ws/catalog/vod?v=3][StatusCode: 0][ContentType: ][UserAgent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST /catalog/vod)]
 	2	TCP 192.168.180.2:36680 -> 178.248.208.54:443 [proto: 91.218/TLS.OCS][cat: Media/1][20 pkts/6089 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 210.4/0.0 998/0 326.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 304.5/0.0 1440/0 368.0/0.0][TLSv1][Client: ocs.labgency.ws][JA3C: 0534a22b266a64a5cc9a90f7b5c483cc]
-	3	TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.7/0.0 91/0 29.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 65.2/0.0 208/0 23.6/0.0][URL: www.ocs.fr/data_plateforme/program/18496/tv_detail_mortdunpourw0012236_72f6c.jpg][StatusCode: 0][PLAIN TEXT (GET /data)]
+	3	TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][cat: Media/1][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.7/0.0 91/0 29.9/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 65.2/0.0 208/0 23.6/0.0][URL: www.ocs.fr/data_plateforme/program/18496/tv_detail_mortdunpourw0012236_72f6c.jpg][StatusCode: 0][ContentType: ][UserAgent: ][PLAIN TEXT (GET /data)]
 	4	TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/2715 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144.7/0.0 1003/0 238.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 40/0 135.8/0.0 1209/0 253.5/0.0][TLSv1][Client: settings.crashlytics.com][JA3C: b030dba3ca09e2e484b9fa75adc4039c]
 	5	TCP 192.168.180.2:32946 -> 64.233.184.188:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][12 pkts/2212 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 39.4/0.0 75/0 26.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 184.3/0.0 1287/0 339.0/0.0][TLSv1.2][Client: mtalk.google.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1]
 	6	TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/TLS.Google][cat: Web/5][12 pkts/1608 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 56.9/0.0 112/0 36.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 134.0/0.0 649/0 165.6/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66]
 	7	TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/TLS.Google][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 49.5/0.0 103/0 38.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 111.4/0.0 425/0 106.3/0.0][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66]
-	8	TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271.6/0.0 1043/0 394.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182.0/0.0 824/0 287.1/0.0][URL: ocu03.labgency.ws/catalog/vod?v=3][StatusCode: 0][PLAIN TEXT (POST /catalog/vod)]
-	9	TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 196.7/0.0 503/0 209.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77.1/0.0 136/0 37.3/0.0][URL: api.eu01.capptain.com/ip-to-country][StatusCode: 0][PLAIN TEXT (GET /ip)]
-	10	TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 45.8/0.0 101/0 38.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 79.8/0.0 211/0 58.7/0.0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][StatusCode: 0][PLAIN TEXT (GET /xmpp)]
+	8	TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271.6/0.0 1043/0 394.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182.0/0.0 824/0 287.1/0.0][URL: ocu03.labgency.ws/catalog/vod?v=3][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/5][PLAIN TEXT (POST /catalog/vod)]
+	9	TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 196.7/0.0 503/0 209.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77.1/0.0 136/0 37.3/0.0][URL: api.eu01.capptain.com/ip-to-country][StatusCode: 0][ContentType: ][UserAgent: ][PLAIN TEXT (GET /ip)]
+	10	TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 45.8/0.0 101/0 38.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 79.8/0.0 211/0 58.7/0.0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][StatusCode: 0][ContentType: ][UserAgent: ][PLAIN TEXT (GET /xmpp)]
 	11	TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes]
 	12	UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/77 bytes -> 0 pkts/0 bytes][Host: xmpp.device06.eu01.capptain.com][PLAIN TEXT (device06)]
 	13	UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][cat: SoftwareUpdate/19][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com][PLAIN TEXT (android)]
diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out
index f3122a856..230f75864 100644
--- a/tests/result/pps.pcap.out
+++ b/tests/result/pps.pcap.out
@@ -3,74 +3,74 @@ HTTP	1502	1849543	62
 SSDP	63	17143	10
 Google	2	1093	1
 
-	1	TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.7 0/77 0.0/7.9][Pkt Len c2s/s2c min/avg/max/stddev: 303/522 303.0/1312.5 303/1314 0.0/34.0][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_2.jpg?no=2][StatusCode: 200][PLAIN TEXT (GET /preimage/20160506/f0/1)]
-	2	TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.4 0/51 0.0/6.5][Pkt Len c2s/s2c min/avg/max/stddev: 303/180 303.0/1311.9 303/1314 0.0/49.3][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_1.jpg?no=1][StatusCode: 200][PLAIN TEXT (GET /preimage/20160506/f0/1)]
-	3	TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][bytes ratio: -0.998 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35.0/0.4 35/35 0.0/2.5][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200.0/1310.0 202/1314 2.0/50.0][URL: static.qiyi.com/ext/common/qisu2/downloader.ini][StatusCode: 200][PLAIN TEXT (GET /ext/common/qisu2/downloade)]
-	4	TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.3 0/3 0.0/0.8][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426.0/1302.8 426/1314 0.0/56.2][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][StatusCode: 0][PLAIN TEXT (GET /videos/v)]
-	5	TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7/HTTP][cat: Web/5][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68.1/0.0 307/0 127.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002.1/1239.1 1314/1314 433.8/214.6][URL: bcu.ff.avast.com/bc2][StatusCode: 200][PLAIN TEXT (POST /bc2 HTTP/1.1)]
+	1	TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.7 0/77 0.0/7.9][Pkt Len c2s/s2c min/avg/max/stddev: 303/522 303.0/1312.5 303/1314 0.0/34.0][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_2.jpg?no=2][StatusCode: 200][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)]
+	2	TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.4 0/51 0.0/6.5][Pkt Len c2s/s2c min/avg/max/stddev: 303/180 303.0/1311.9 303/1314 0.0/49.3][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_1.jpg?no=1][StatusCode: 200][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)]
+	3	TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][bytes ratio: -0.998 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35.0/0.4 35/35 0.0/2.5][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200.0/1310.0 202/1314 2.0/50.0][URL: static.qiyi.com/ext/common/qisu2/downloader.ini][StatusCode: 200][ContentType: ][UserAgent: Downloader][PLAIN TEXT (GET /ext/common/qisu2/downloade)]
+	4	TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.3 0/3 0.0/0.8][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426.0/1302.8 426/1314 0.0/56.2][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][StatusCode: 0][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /videos/v)]
+	5	TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7/HTTP][cat: Web/5][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68.1/0.0 307/0 127.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002.1/1239.1 1314/1314 433.8/214.6][URL: bcu.ff.avast.com/bc2][StatusCode: 200][ContentType: application/x-enc][UserAgent: {D699054D-1699-47D2-9B2B-E96F438C1160}][PLAIN TEXT (POST /bc2 HTTP/1.1)]
 	6	UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 46/0 392.9/0.0 2654/0 854.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 473/0 518.2/0.0 553/0 30.0/0.0][PLAIN TEXT (NOTIFY )]
-	7	TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][URL: cache.video.iqiyi.com/vi/500494600/562e26caed5695900212eb3259070f8a/?src=1_11_114][StatusCode: 200][PLAIN TEXT (GET /vi/500494600/562)]
-	8	TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am][bytes ratio: 0.653 (Upload)][IAT c2s/s2c min/avg/max/stddev: 117/118 216.0/217.0 315/316 99.0/99.0][Pkt Len c2s/s2c min/avg/max/stddev: 946/199 948.0/199.0 952/199 2.8/0.0][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][PLAIN TEXT (GET /cp)]
+	7	TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][URL: cache.video.iqiyi.com/vi/500494600/562e26caed5695900212eb3259070f8a/?src=1_11_114][StatusCode: 200][ContentType: ][UserAgent: ][PLAIN TEXT (GET /vi/500494600/562)]
+	8	TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am][bytes ratio: 0.653 (Upload)][IAT c2s/s2c min/avg/max/stddev: 117/118 216.0/217.0 315/316 99.0/99.0][Pkt Len c2s/s2c min/avg/max/stddev: 946/199 948.0/199.0 952/199 2.8/0.0][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
 	9	TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes][PLAIN TEXT (HTTP/1.1 200 OK)]
-	10	TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 26.7/27.0 34/35 6.1/6.5][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200.0/528.0 202/530 1.6/1.6][URL: static.qiyi.com/ext/common/qisu2/masauto.ini][StatusCode: 200][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)]
-	11	TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com][URL: meta.video.qiyi.com/20160625/a5/bf/413f91ad101e780a6b63f826e28b9920.xml][StatusCode: 200][PLAIN TEXT (GET /20160625/a)]
-	12	TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1][StatusCode: 200][PLAIN TEXT (GET /cp)]
-	13	TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][PLAIN TEXT (GET /cp)]
-	14	TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][URL: api.cupid.iqiyi.com/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae][StatusCode: 200][PLAIN TEXT (GET /track2)]
-	15	TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][URL: api.cupid.iqiyi.com/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae][StatusCode: 200][PLAIN TEXT (GET /track2)]
-	16	TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E][StatusCode: 200][PLAIN TEXT (GET /b)]
+	10	TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 26.7/27.0 34/35 6.1/6.5][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200.0/528.0 202/530 1.6/1.6][URL: static.qiyi.com/ext/common/qisu2/masauto.ini][StatusCode: 200][ContentType: ][UserAgent: masauto_runxx][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)]
+	11	TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com][URL: meta.video.qiyi.com/20160625/a5/bf/413f91ad101e780a6b63f826e28b9920.xml][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /20160625/a)]
+	12	TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
+	13	TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
+	14	TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][URL: api.cupid.iqiyi.com/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /track2)]
+	15	TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][URL: api.cupid.iqiyi.com/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /track2)]
+	16	TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E][StatusCode: 200][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /b)]
 	17	UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3002.0/0.0 3008/0 3.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	18	UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/0 752.8/0.0 2839/0 1188.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 165/0 171.0/0.0 175/0 4.5/0.0][PLAIN TEXT (SEARCH )]
-	19	TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7/HTTP][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com][URL: click.hm.baidu.com/clk?53e25e33e064c657c06b558e5c3c33fd][StatusCode: 302][PLAIN TEXT (GET /clk)]
-	20	TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/2efc8cd5fbe0f4ee498fb1c2fc1de8b6/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012][StatusCode: 200][PLAIN TEXT (GET /2efc)]
-	21	TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%][StatusCode: 200][PLAIN TEXT (GET /b)]
-	22	TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b][StatusCode: 200][PLAIN TEXT (GET /videos/v)]
-	23	TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7/HTTP][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com][URL: click.hm.baidu.com/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0][StatusCode: 204][PLAIN TEXT (GET /mkt.gif)]
-	24	TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A//vodguide.pps.iqiyi.com/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26b][StatusCode: 200][PLAIN TEXT (GET /b)]
-	25	TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=2265][StatusCode: 200][PLAIN TEXT (GET /b)]
-	26	TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/downloadhelper.ini][StatusCode: 200][PLAIN TEXT (GET /ext/common/qisu2/downloadh)]
-	27	TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][PLAIN TEXT (GET /cp)]
-	28	TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][PLAIN TEXT (GET /cp)]
-	29	TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][PLAIN TEXT (GET /cp)]
-	30	TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][PLAIN TEXT (GET /cp)]
-	31	TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&][StatusCode: 200][PLAIN TEXT (GET /core)]
-	32	TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s][StatusCode: 200][PLAIN TEXT (GET /cp)]
-	33	TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com][URL: s1.symcb.com/pca3-g5.crl][StatusCode: 200][PLAIN TEXT (GET /pca3)]
-	34	TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0][StatusCode: 200][PLAIN TEXT (GET /core)]
-	35	TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com][URL: clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz][StatusCode: 200][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)]
+	19	TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7/HTTP][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com][URL: click.hm.baidu.com/clk?53e25e33e064c657c06b558e5c3c33fd][StatusCode: 302][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /clk)]
+	20	TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/2efc8cd5fbe0f4ee498fb1c2fc1de8b6/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012][StatusCode: 200][ContentType: ][UserAgent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][PLAIN TEXT (GET /2efc)]
+	21	TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%][StatusCode: 200][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /b)]
+	22	TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b][StatusCode: 200][ContentType: ][UserAgent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][PLAIN TEXT (GET /videos/v)]
+	23	TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7/HTTP][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com][URL: click.hm.baidu.com/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0][StatusCode: 204][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /mkt.gif)]
+	24	TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A//vodguide.pps.iqiyi.com/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26b][StatusCode: 200][ContentType: ][UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /b)]
+	25	TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=2265][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.307][PLAIN TEXT (GET /b)]
+	26	TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/downloadhelper.ini][StatusCode: 200][ContentType: ][UserAgent: DownloadHelper_runxx][PLAIN TEXT (GET /ext/common/qisu2/downloadh)]
+	27	TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
+	28	TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
+	29	TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
+	30	TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
+	31	TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	32	TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s][StatusCode: 200][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
+	33	TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com][URL: s1.symcb.com/pca3-g5.crl][StatusCode: 200][ContentType: ][UserAgent: Microsoft-CryptoAPI/6.1][PLAIN TEXT (GET /pca3)]
+	34	TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	35	TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com][URL: clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz][StatusCode: 200][ContentType: ][UserAgent: Microsoft-CryptoAPI/6.1][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)]
 	36	UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3001.0/0.0 3005/0 2.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179.0/0.0 179/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	37	UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3000/0 3003.8/0.0 3014/0 5.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
 	38	UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3007.6/0.0 3038/0 15.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )]
-	39	TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 0][PLAIN TEXT (GET /cp)]
-	40	TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][URL: api.cupid.iqiyi.com/ccs][StatusCode: 200][PLAIN TEXT (GET /ccs HTTP/1.1)]
-	41	TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465][StatusCode: 200][PLAIN TEXT (GET /tmpstats.gif)]
-	42	TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][StatusCode: 200][PLAIN TEXT (GET /core)]
+	39	TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 0][ContentType: ][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
+	40	TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][URL: api.cupid.iqiyi.com/ccs][StatusCode: 200][ContentType: ][UserAgent: CookieClear_runxx][PLAIN TEXT (GET /ccs HTTP/1.1)]
+	41	TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465][StatusCode: 200][ContentType: ][UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /tmpstats.gif)]
+	42	TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
 	43	UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )]
-	44	TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/2efc8cd5fbe0f4ee498fb1c2fc1de8b6/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?&tn=137719][StatusCode: 200][PLAIN TEXT (GET /2efc)]
-	45	TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047][StatusCode: 200][PLAIN TEXT (GET /core)]
-	46	TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6][StatusCode: 200][PLAIN TEXT (GET /core)]
-	47	TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04][StatusCode: 200][PLAIN TEXT (GET /core)]
-	48	TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5][StatusCode: 200][PLAIN TEXT (GET /core)]
-	49	TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&][StatusCode: 200][PLAIN TEXT (GET /core)]
-	50	TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com][URL: cmc.tanx.com/andc?andc_uid=6693851615885049011&andc_ver=1][StatusCode: 200][PLAIN TEXT (GET /andc)]
-	51	TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini][StatusCode: 200][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)]
-	52	TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)]
-	53	TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com][URL: iplocation.geo.qiyi.com/cityjson][StatusCode: 200][PLAIN TEXT (GET /cityjson HTTP/1.1)]
-	54	TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/index.php/ToolBox/version][StatusCode: 502][PLAIN TEXT (GET /comMagicanApi/index.php/To)]
-	55	TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masflag.ini][StatusCode: 200][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)]
-	56	TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][StatusCode: 0][PLAIN TEXT (GET /core)]
-	57	TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/k][StatusCode: 200][PLAIN TEXT (GET /k HTTP/1.1)]
-	58	TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30][StatusCode: 200][PLAIN TEXT (GET /apis/urc/setrc)]
-	59	TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30][StatusCode: 200][PLAIN TEXT (GET /apis/urc/setrc)]
-	60	TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147][StatusCode: 200][PLAIN TEXT (GET /b)]
-	61	TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/QYAgent.ini][StatusCode: 200][PLAIN TEXT (GET /ext/common/qisu2/Q)]
-	62	TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000][StatusCode: 200][PLAIN TEXT (GET /core)]
-	63	TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240][StatusCode: 200][PLAIN TEXT (GET /b)]
-	64	TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo][StatusCode: 200][PLAIN TEXT (GET /tmpstats.gif)]
+	44	TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/2efc8cd5fbe0f4ee498fb1c2fc1de8b6/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?&tn=137719][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /2efc)]
+	45	TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	46	TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	47	TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	48	TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	49	TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	50	TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com][URL: cmc.tanx.com/andc?andc_uid=6693851615885049011&andc_ver=1][StatusCode: 200][ContentType: ][UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /andc)]
+	51	TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini][StatusCode: 200][ContentType: ][UserAgent: masblog_runxx][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)]
+	52	TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][ContentType: ][UserAgent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][PLAIN TEXT (GET /comMagicanApi/composite/ap)]
+	53	TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com][URL: iplocation.geo.qiyi.com/cityjson][StatusCode: 200][ContentType: ][UserAgent: QYAgent_runxx][PLAIN TEXT (GET /cityjson HTTP/1.1)]
+	54	TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/index.php/ToolBox/version][StatusCode: 502][ContentType: ][UserAgent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][PLAIN TEXT (GET /comMagicanApi/index.php/To)]
+	55	TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masflag.ini][StatusCode: 200][ContentType: ][UserAgent: masflag_runxx][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)]
+	56	TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][StatusCode: 0][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	57	TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/k][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /k HTTP/1.1)]
+	58	TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30][StatusCode: 200][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /apis/urc/setrc)]
+	59	TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30][StatusCode: 200][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /apis/urc/setrc)]
+	60	TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147][StatusCode: 200][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /b)]
+	61	TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/QYAgent.ini][StatusCode: 200][ContentType: ][UserAgent: QYAgent_runxx][PLAIN TEXT (GET /ext/common/qisu2/Q)]
+	62	TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][URL: msg.71.am/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000][StatusCode: 200][ContentType: ][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
+	63	TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240][StatusCode: 200][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /b)]
+	64	TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo][StatusCode: 200][ContentType: ][UserAgent: QIYiAngent][PLAIN TEXT (GET /tmpstats.gif)]
 	65	TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)]
 	66	UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )]
 	67	TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 302 Found)]
-	68	TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_3.jpg?no=3][StatusCode: 0][PLAIN TEXT (GET /preimage/20160506/f0/1)]
+	68	TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_3.jpg?no=3][StatusCode: 0][ContentType: ][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)]
 	69	TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)]
 	70	UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )]
 	71	UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )]
diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out
index 3af927e90..9464a3cd1 100644
--- a/tests/result/quickplay.pcap.out
+++ b/tests/result/quickplay.pcap.out
@@ -4,24 +4,24 @@ Facebook	6	1740	3
 Google	2	378	1
 Amazon	2	1469	1
 
-	1	TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/2021 3144.0/2861.7 23289/5776 4036.1/929.1][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511.5/933.3 587/1456 26.6/493.8][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
-	2	TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 7708.6/7600.5 23311/23043 9303.4/8905.3][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502.0/1143.5 502/1456 0.0/288.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
-	3	TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434.2/13893.5 23447/24732 10021.5/10838.5][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502.0/1174.0 502/1456 0.0/263.5][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
-	4	TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534.0/3315.0 23958/4204 10199.5/889.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502.0/1013.3 502/1456 0.0/626.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
-	5	TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390.3/3322.0 3535/3349 106.0/27.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502.0/758.7 502/1456 0.0/525.4][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
-	6	TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/categories/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 200][PLAIN TEXT (GET /solr/RestApiSingTel)]
-	7	TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/categories/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 200][PLAIN TEXT (GET /solr/RestApiSingTel)]
-	8	TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
-	9	TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699][StatusCode: 0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
-	10	TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][StatusCode: 0][PLAIN TEXT (GET /vstb/playlist)]
-	11	TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][PLAIN TEXT (GET /pass/v)]
-	12	TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync][StatusCode: 0][PLAIN TEXT (POST http)]
-	13	TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][PLAIN TEXT (POST http)]
-	14	TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][PLAIN TEXT (POST http)]
-	15	TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/androidgcmreg][StatusCode: 200][PLAIN TEXT (POST http)]
-	16	TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmbatchemojidownload][StatusCode: 200][PLAIN TEXT (POST http)]
-	17	TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
-	18	TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
-	19	TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
-	20	TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 0][PLAIN TEXT (GET /solr/RestApiSingTel)]
-	21	TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][PLAIN TEXT (GET /generate)]
+	1	TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/2021 3144.0/2861.7 23289/5776 4036.1/929.1][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511.5/933.3 587/1456 26.6/493.8][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobil][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
+	2	TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 7708.6/7600.5 23311/23043 9303.4/8905.3][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502.0/1143.5 502/1456 0.0/288.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobil][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
+	3	TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434.2/13893.5 23447/24732 10021.5/10838.5][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502.0/1174.0 502/1456 0.0/263.5][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobil][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
+	4	TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534.0/3315.0 23958/4204 10199.5/889.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502.0/1013.3 502/1456 0.0/626.0][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobil][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
+	5	TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390.3/3322.0 3535/3349 106.0/27.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502.0/758.7 502/1456 0.0/525.4][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobil][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
+	6	TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/categories/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 200][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)]
+	7	TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/categories/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 200][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)]
+	8	TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobil][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
+	9	TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobil][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)]
+	10	TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobil][PLAIN TEXT (GET /vstb/playlist)]
+	11	TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /pass/v)]
+	12	TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync][StatusCode: 0][ContentType: ][UserAgent: MicroMessenger Client][PLAIN TEXT (POST http)]
+	13	TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][ContentType: ][UserAgent: MicroMessenger Client][PLAIN TEXT (POST http)]
+	14	TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com][URL: hkminorshort.weixin.qq.comhttp://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][ContentType: ][UserAgent: MicroMessenger Client][PLAIN TEXT (POST http)]
+	15	TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/androidgcmreg][StatusCode: 200][ContentType: ][UserAgent: MicroMessenger Client][PLAIN TEXT (POST http)]
+	16	TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com][URL: hkextshort.weixin.qq.comhttp://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmbatchemojidownload][StatusCode: 200][ContentType: ][UserAgent: MicroMessenger Client][PLAIN TEXT (POST http)]
+	17	TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
+	18	TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
+	19	TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build/KOT49H)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)]
+	20	TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 0][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)]
+	21	TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][ContentType: ][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /generate)]
diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out
index 293606917..d2f8b70c2 100644
--- a/tests/result/starcraft_battle.pcap.out
+++ b/tests/result/starcraft_battle.pcap.out
@@ -8,35 +8,35 @@ Google	22	2184	5
 Github	3	234	1
 Starcraft	236	51494	6
 
-	1	TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][cat: Web/5][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Host: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44.6/2.6 2914/58 340.9/11.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56.2/1451.1 241/1514 19.6/290.7][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][PLAIN TEXT (GET /sc)]
+	1	TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][cat: Web/5][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Host: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44.6/2.6 2914/58 340.9/11.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56.2/1451.1 241/1514 19.6/290.7][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][ContentType: application/octet-stream][UserAgent: Blizzard Web Client][PLAIN TEXT (GET /sc)]
 	2	TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][cat: Game/8][126 pkts/9157 bytes <-> 89 pkts/41021 bytes][bytes ratio: -0.635 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30.2/37.4 1016/1086 103.8/132.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 72.7/460.9 249/1514 27.5/593.0][PLAIN TEXT (matteobracci1@gmail.com)]
-	3	TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.948 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6.6/3.0 33/34 13.0/9.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64.7/1402.4 203/1514 37.1/386.6][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/gc/GCF1DHMH8FDY1434670037434.jpg][StatusCode: 200][PLAIN TEXT (GET /cms/bnet)]
-	4	TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12.4/4.3 37/64 16.2/16.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68.6/1352.8 203/1514 42.6/456.0][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/4j/4J7OUIISCLTQ1436943629210.jpg][StatusCode: 200][PLAIN TEXT (GET /cms/bnet)]
-	5	TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8.4/2.4 34/35 14.0/8.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68.4/1352.8 200/1514 41.8/456.0][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/yf/YF9PRCZXJVPZ1428591254317.jpg][StatusCode: 200][PLAIN TEXT (GET /cms/bnet)]
-	6	TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10.1/3.2 34/47 14.1/11.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68.4/1352.8 200/1514 41.8/456.0][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/0x/0XQ1VXR8ZR271434128527471.jpg][StatusCode: 200][PLAIN TEXT (GET /cms/bnet)]
-	7	TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8.2/2.3 34/32 14.3/8.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68.4/1352.8 200/1514 41.8/456.0][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/fa/FA512IPUN0SE1436979936388.jpg][StatusCode: 200][PLAIN TEXT (GET /cms/bnet)]
+	3	TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.948 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6.6/3.0 33/34 13.0/9.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 64.7/1402.4 203/1514 37.1/386.6][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/gc/GCF1DHMH8FDY1434670037434.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)]
+	4	TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12.4/4.3 37/64 16.2/16.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68.6/1352.8 203/1514 42.6/456.0][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/4j/4J7OUIISCLTQ1436943629210.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)]
+	5	TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8.4/2.4 34/35 14.0/8.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68.4/1352.8 200/1514 41.8/456.0][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/yf/YF9PRCZXJVPZ1428591254317.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)]
+	6	TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10.1/3.2 34/47 14.1/11.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68.4/1352.8 200/1514 41.8/456.0][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/0x/0XQ1VXR8ZR271434128527471.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)]
+	7	TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Host: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8.2/2.3 34/32 14.3/8.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68.4/1352.8 200/1514 41.8/456.0][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/fa/FA512IPUN0SE1436979936388.jpg][StatusCode: 200][ContentType: image/jpeg][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)]
 	8	UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][11 pkts/4984 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.0 0/0 0.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 414/0 453.1/0.0 494/0 30.1/0.0][PLAIN TEXT (osNOTIFY )]
-	9	TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net][bytes ratio: -0.723 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.0/18.0 64/60 27.1/24.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90.8/564.7 263/1514 77.1/672.6][URL: eu.battle.net/sc2/en-gb/data/live-events.xml][StatusCode: 200][PLAIN TEXT (GET /sc)]
-	10	TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net][bytes ratio: -0.703 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.8/26.3 70/61 29.1/25.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.2/627.8 265/1514 77.9/695.8][URL: eu.battle.net/sc2/en-gb/data/client-homepage.xml][StatusCode: 200][PLAIN TEXT (GET /sc)]
-	11	TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.702 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.8/18.3 56/55 27.8/25.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.5/521.8 267/1514 78.6/654.3][URL: eu.launcher.battle.net/service/s2/regionsxml/regions.xml][StatusCode: 200][PLAIN TEXT (GET /service/s2/regions)]
-	12	TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.697 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29.0/19.3 58/58 29.0/27.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.5/614.2 267/1514 78.6/680.1][URL: eu.launcher.battle.net/service/s2/regionsxml/regions.xml][StatusCode: 200][PLAIN TEXT (GET /service/s2/regions)]
-	13	TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 28.8/25.0 50/33 18.1/8.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 126.4/166.8 404/481 138.9/181.4][URL: www.google-analytics.com/collect][StatusCode: 200][PLAIN TEXT (POST /collect HTTP/1.1)]
-	14	TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 59.8/33.0 100/66 29.7/33.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 78.8/188.2 191/573 50.4/222.1][URL: nydus.battle.net/S2/enGB/client/alert?build=enGB&targetRegion=EU][StatusCode: 302][PLAIN TEXT (GET /S2/enGB/client/alert)]
-	15	TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 60.2/34.0 96/68 29.2/34.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79.2/187.2 193/569 51.1/220.4][URL: nydus.battle.net/S2/enGB/client/regions?build=enGB&targetRegion=EU][StatusCode: 302][PLAIN TEXT (GET /S2/enGB/client/regions)]
-	16	TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59.8/29.5 102/59 33.8/29.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79.2/187.2 193/569 51.1/220.4][URL: nydus.battle.net/S2/enGB/client/regions?build=enGB&targetRegion=EU][StatusCode: 302][PLAIN TEXT (GET /S2/enGB/client/regions)]
-	17	TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 62.6/32.5 113/65 34.1/32.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 80.2/183.2 199/553 53.3/213.5][URL: nydus.battle.net/S2/enGB/client/feed/homepage?build=enGB&targetRegion=EU][StatusCode: 302][PLAIN TEXT (GET /S2/enGB/client/feed/homepa)]
-	18	TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net][bytes ratio: -0.200 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 61.0/32.5 111/65 33.1/32.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 80.5/181.2 201/545 54.1/210.0][URL: nydus.battle.net/S2/enGB/client/feed/live-event?build=enGB&targetRegion=EU][StatusCode: 302][PLAIN TEXT (GET /S2/enGB/client/feed/live)]
-	19	TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.0/29.0 58/58 24.8/29.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96.4/124.2 254/317 78.9/111.3][URL: eu.launcher.battle.net/service/s2/alert/en-gb][StatusCode: 200][PLAIN TEXT (GET /service/s2/alert/en)]
+	9	TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Host: eu.battle.net][bytes ratio: -0.723 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31.0/18.0 64/60 27.1/24.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90.8/564.7 263/1514 77.1/672.6][URL: eu.battle.net/sc2/en-gb/data/live-events.xml][StatusCode: 200][ContentType: application/xml][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /sc)]
+	10	TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][cat: Web/5][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Host: eu.battle.net][bytes ratio: -0.703 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32.8/26.3 70/61 29.1/25.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.2/627.8 265/1514 77.9/695.8][URL: eu.battle.net/sc2/en-gb/data/client-homepage.xml][StatusCode: 200][ContentType: application/xml][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /sc)]
+	11	TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.702 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27.8/18.3 56/55 27.8/25.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.5/521.8 267/1514 78.6/654.3][URL: eu.launcher.battle.net/service/s2/regionsxml/regions.xml][StatusCode: 200][ContentType: application/xml][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /service/s2/regions)]
+	12	TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.697 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29.0/19.3 58/58 29.0/27.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91.5/614.2 267/1514 78.6/680.1][URL: eu.launcher.battle.net/service/s2/regionsxml/regions.xml][StatusCode: 200][ContentType: application/xml][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /service/s2/regions)]
+	13	TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/632 bytes <-> 4 pkts/667 bytes][Host: www.google-analytics.com][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 28.8/25.0 50/33 18.1/8.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 126.4/166.8 404/481 138.9/181.4][URL: www.google-analytics.com/collect][StatusCode: 200][ContentType: image/gif][UserAgent: Battle.net/1.3.0.5952][PLAIN TEXT (POST /collect HTTP/1.1)]
+	14	TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/473 bytes <-> 4 pkts/753 bytes][Host: nydus.battle.net][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 59.8/33.0 100/66 29.7/33.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 78.8/188.2 191/573 50.4/222.1][URL: nydus.battle.net/S2/enGB/client/alert?build=enGB&targetRegion=EU][StatusCode: 302][ContentType: text/html][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/alert)]
+	15	TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 60.2/34.0 96/68 29.2/34.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79.2/187.2 193/569 51.1/220.4][URL: nydus.battle.net/S2/enGB/client/regions?build=enGB&targetRegion=EU][StatusCode: 302][ContentType: text/html][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/regions)]
+	16	TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Host: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 59.8/29.5 102/59 33.8/29.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79.2/187.2 193/569 51.1/220.4][URL: nydus.battle.net/S2/enGB/client/regions?build=enGB&targetRegion=EU][StatusCode: 302][ContentType: text/html][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/regions)]
+	17	TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/481 bytes <-> 4 pkts/733 bytes][Host: nydus.battle.net][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 62.6/32.5 113/65 34.1/32.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 80.2/183.2 199/553 53.3/213.5][URL: nydus.battle.net/S2/enGB/client/feed/homepage?build=enGB&targetRegion=EU][StatusCode: 302][ContentType: text/html][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/feed/homepa)]
+	18	TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][cat: Web/5][6 pkts/483 bytes <-> 4 pkts/725 bytes][Host: nydus.battle.net][bytes ratio: -0.200 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 61.0/32.5 111/65 33.1/32.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 80.5/181.2 201/545 54.1/210.0][URL: nydus.battle.net/S2/enGB/client/feed/live-event?build=enGB&targetRegion=EU][StatusCode: 302][ContentType: text/html][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/feed/live)]
+	19	TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][cat: Web/5][5 pkts/482 bytes <-> 4 pkts/497 bytes][Host: eu.launcher.battle.net][bytes ratio: -0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 43.0/29.0 58/58 24.8/29.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96.4/124.2 254/317 78.9/111.3][URL: eu.launcher.battle.net/service/s2/alert/en-gb][StatusCode: 200][ContentType: text/plain][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /service/s2/alert/en)]
 	20	TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2624.0/2614.0 6381/6342 2710.7/2730.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 62.7/75.1 74/155 8.8/32.8]
-	21	TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 148.2/101.5 198/203 80.4/101.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73.4/128.2 139/327 33.1/114.8][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)]
+	21	TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Host: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 148.2/101.5 198/203 80.4/101.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73.4/128.2 139/327 33.1/114.8][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][ContentType: text/plain][UserAgent: ][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)]
 	22	UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Host: bnetcmsus-a.akamaihd.net][PLAIN TEXT (bnetcmsus)]
 	23	UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188.126/QUIC.Google][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457.0/14457.0 15059/14974 602.0/517.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81.0/77.3 83/83 2.8/8.0]
 	24	UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Host: 110.212.58.216.in-addr.arpa]
 	25	UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Host: llnw.blizzard.com][PLAIN TEXT (blizzard)]
 	26	UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Host: 100.1.168.192.in-addr.arpa][PLAIN TEXT (dynect)]
 	27	UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Host: 26.186.239.80.in-addr.arpa][PLAIN TEXT (signup)]
-	28	TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][StatusCode: 0][PLAIN TEXT (GET /cms/bnet)]
-	29	TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][StatusCode: 0][PLAIN TEXT (GET /cms/bnet)]
+	28	TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][StatusCode: 0][ContentType: ][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)]
+	29	TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Host: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][StatusCode: 0][ContentType: ][UserAgent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)]
 	30	UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Host: nydus.battle.net][PLAIN TEXT (battle)]
 	31	TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
 	32	TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes]
diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out
index a53a25046..b30d22f96 100644
--- a/tests/result/waze.pcap.out
+++ b/tests/result/waze.pcap.out
@@ -12,7 +12,7 @@ JA3 Host Stats:
 
 
 	1	TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 287.7/329.3 3806/5018 686.4/819.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 208.8/1360.9 590/17258 183.0/3378.1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2002-05-21 04:00:00 - 2018-08-21 04:00:00][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
-	2	TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][cat: Web/5][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 320.7/372.6 3680/3677 903.4/959.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68.9/3438.7 317/11833 58.6/3467.6][URL: xtra1.gpsonextra.net/xtra2.bin][StatusCode: 200][PLAIN TEXT (GET /xtra)]
+	2	TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][cat: Web/5][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 320.7/372.6 3680/3677 903.4/959.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68.9/3438.7 317/11833 58.6/3467.6][URL: xtra1.gpsonextra.net/xtra2.bin][StatusCode: 200][ContentType: application/octet-stream][UserAgent: Android][PLAIN TEXT (GET /xtra)]
 	3	TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155.3/188.5 387/415 136.9/130.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115.4/3558.4 590/21942 132.3/6124.9][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2013-04-05 15:15:55 - 2016-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
 	4	TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217.8/125.8 1449/293 382.9/116.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128.0/2829.5 590/11186 147.3/3901.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
 	5	TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 237.2/155.3 1289/609 358.5/182.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.7/2026.6 411/8150 98.2/2611.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2002-05-21 04:00:00 - 2018-08-21 04:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
@@ -24,15 +24,15 @@ JA3 Host Stats:
 	11	TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 195.8/194.7 883/537 285.6/190.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 126.8/383.6 380/2189 106.9/639.7][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
 	12	TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 335.4/261.1 1332/645 428.4/235.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 114.5/490.3 347/2533 94.6/785.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
 	13	TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 300.3/341.3 1397/1346 459.1/420.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131.6/485.4 379/2165 107.7/725.4][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][Server: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Organization: Google Inc][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2013-04-05 15:15:55 - 2016-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
-	14	TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 75.0/104.8 261/274 88.5/91.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.7/428.0 137/1678 26.0/650.9][URL: roadshields.waze.com/images/HD/CH2.png][StatusCode: 200][PLAIN TEXT (GET /images/HD/CH)]
+	14	TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Host: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 75.0/104.8 261/274 88.5/91.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.7/428.0 137/1678 26.0/650.9][URL: roadshields.waze.com/images/HD/CH2.png][StatusCode: 200][ContentType: image/png][UserAgent: /3.9.4.0][PLAIN TEXT (GET /images/HD/CH)]
 	15	TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 91.126/TLS.Google][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 32.2/74.5 53/188 24.3/68.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162.4/167.5 572/602 176.8/200.3][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 23f1f6e2f0015c166df49fdab4280370 (INSECURE)][Cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA]
-	16	TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.7/28.7 134/84 49.8/39.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74.2/110.1 194/447 45.7/137.5][URL: cres.waze.com/lang_asr/lang.portuguese_br_asr][StatusCode: 304][PLAIN TEXT (GET /lang)]
+	16	TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22.7/28.7 134/84 49.8/39.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74.2/110.1 194/447 45.7/137.5][URL: cres.waze.com/lang_asr/lang.portuguese_br_asr][StatusCode: 304][ContentType: ][UserAgent: /3.9.4.0][PLAIN TEXT (GET /lang)]
 	17	TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][cat: Chat/9][8 pkts/673 bytes <-> 7 pkts/668 bytes][bytes ratio: 0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 80.5/98.2 289/238 105.9/82.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 84.1/95.4 222/245 53.4/66.5][PLAIN TEXT (Android)]
-	18	TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 105.4/174.3 394/397 152.4/165.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.6/110.1 211/447 54.1/137.5][URL: cres.waze.com/newVconfig/1.0/3/prompts_conf.buf?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /newV)]
-	19	TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42.2/69.7 177/177 68.5/77.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.3/110.1 209/447 53.4/137.5][URL: cres.waze.com/lang_tts/lang.portuguese_br_tts?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /lang)]
-	20	TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 34.4/56.3 169/168 67.3/79.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.9/110.1 206/447 52.3/137.5][URL: cres.waze.com/langs/1.0/lang.portuguese_br?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /langs/1.0/lang.portuguese)]
-	21	TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.8/42.3 126/125 50.1/58.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.6/109.9 204/445 51.7/136.8][URL: cres.waze.com/newVconfig/1.0/3/lang.conf?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /newV)]
-	22	TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 41.8/68.0 176/174 68.0/75.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.0/104.7 207/409 52.7/124.2][URL: roadshields.waze.com/shields_conf_new_latam?rtserver-id=15][StatusCode: 304][PLAIN TEXT (GET /shields)]
+	18	TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 105.4/174.3 394/397 152.4/165.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.6/110.1 211/447 54.1/137.5][URL: cres.waze.com/newVconfig/1.0/3/prompts_conf.buf?rtserver-id=15][StatusCode: 304][ContentType: ][UserAgent: /3.9.4.0][PLAIN TEXT (GET /newV)]
+	19	TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42.2/69.7 177/177 68.5/77.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.3/110.1 209/447 53.4/137.5][URL: cres.waze.com/lang_tts/lang.portuguese_br_tts?rtserver-id=15][StatusCode: 304][ContentType: ][UserAgent: /3.9.4.0][PLAIN TEXT (GET /lang)]
+	20	TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 34.4/56.3 169/168 67.3/79.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.9/110.1 206/447 52.3/137.5][URL: cres.waze.com/langs/1.0/lang.portuguese_br?rtserver-id=15][StatusCode: 304][ContentType: ][UserAgent: /3.9.4.0][PLAIN TEXT (GET /langs/1.0/lang.portuguese)]
+	21	TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.8/42.3 126/125 50.1/58.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78.6/109.9 204/445 51.7/136.8][URL: cres.waze.com/newVconfig/1.0/3/lang.conf?rtserver-id=15][StatusCode: 304][ContentType: ][UserAgent: /3.9.4.0][PLAIN TEXT (GET /newV)]
+	22	TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 41.8/68.0 176/174 68.0/75.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79.0/104.7 207/409 52.7/124.2][URL: roadshields.waze.com/shields_conf_new_latam?rtserver-id=15][StatusCode: 304][ContentType: ][UserAgent: /3.9.4.0][PLAIN TEXT (GET /shields)]
 	23	TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes]
 	24	TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes]
 	25	TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes]
diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out
index 3a9053877..0c364f78d 100644
--- a/tests/result/webex.pcap.out
+++ b/tests/result/webex.pcap.out
@@ -44,9 +44,9 @@ JA3 Host Stats:
 	32	TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644.0/1878.7 10453/11491 3421.2/3952.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138.8/108.7 590/472 162.8/127.1][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
 	33	TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8503.6/9920.5 59268/59268 20724.6/22069.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 150.8/68.3 590/183 167.8/40.5][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
 	34	TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877.3/2190.0 12884/12885 4493.7/4783.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 150.8/68.3 590/183 167.8/40.5][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
-	35	TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230.0/114.3 40802/243 16286.2/99.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 161.7/136.8 590/551 194.2/185.2][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][PLAIN TEXT (POST /j)]
+	35	TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230.0/114.3 40802/243 16286.2/99.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 161.7/136.8 590/551 194.2/185.2][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][ContentType: application/json][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][PLAIN TEXT (POST /j)]
 	36	TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 313.8/390.5 1555/1504 620.6/643.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 182.9/75.5 590/183 180.3/48.1][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
-	37	TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286.0/13713.3 40778/40779 17604.8/19138.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.8/153.4 388/551 131.8/198.8][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][PLAIN TEXT (POST /j)]
+	37	TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286.0/13713.3 40778/40779 17604.8/19138.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.8/153.4 388/551 131.8/198.8][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][ContentType: application/json][UserAgent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][PLAIN TEXT (POST /j)]
 	38	UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1602.2/117.0 8966/117 2266.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76.5/50.0 84/50 14.4/0.0]
 	39	TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 100.6/149.3 442/392 171.7/172.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.3/79.8 281/146 81.4/36.1][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
 	40	TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112.0/148.3 444/442 191.7/207.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112.0/86.2 281/183 86.0/55.9][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out
index 7425f6e0d..3cee8abf0 100644
--- a/tests/result/weibo.pcap.out
+++ b/tests/result/weibo.pcap.out
@@ -10,18 +10,18 @@ JA3 Host Stats:
 	1	 192.168.1.105            	 1      
 
 
-	1	TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.860 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29.0/29.3 400/372 66.4/64.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/1324.7 533/4374 116.5/822.8][URL: img.t.sinajs.cn/t6/style/css/module/base/frame.css?version=201605130537][StatusCode: 200][PLAIN TEXT (GET /t6/style/css/module/base/f)]
-	2	TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.866 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47.7/38.7 314/338 88.7/81.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113.2/1266.4 549/2938 132.2/620.2][URL: img.t.sinajs.cn/t6/style/css/module/combination/comb_login.css?version=201605130537][StatusCode: 200][PLAIN TEXT (GET /t6/style/css/module/combin)]
-	3	TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com][bytes ratio: -0.815 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24.9/22.7 482/454 83.8/80.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86.6/872.6 516/2938 69.2/915.2][URL: www.weibo.com/login.php?lang=en-us][StatusCode: 200][PLAIN TEXT (GET /login.php)]
-	4	TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.874 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 23.0/21.8 183/162 50.2/47.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.1/1314.2 550/1502 91.2/448.1][URL: img.t.sinajs.cn/t6/style/images/growth/login/sprite_login.png?13434210384389][StatusCode: 200][PLAIN TEXT (GET /t6/style/images/growth/log)]
-	5	TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.800 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 71.8/74.7 375/438 115.7/123.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110.6/1046.1 525/1502 126.8/556.9][URL: img.t.sinajs.cn/t6/skin/default/skin.css?version=201605130537][StatusCode: 200][PLAIN TEXT (GET /t6/skin/default/skin.css)]
-	6	TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 32.1/37.9 252/181 64.0/50.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.4/1216.5 539/1502 108.1/525.5][URL: img.t.sinajs.cn/t6/style/images/common/font/wbficon.woff?id=201605111746][StatusCode: 200][PLAIN TEXT (GET /t6/style/images/common/fon)]
-	7	TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 45.4/41.5 163/160 63.4/68.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 135.1/625.8 530/1502 161.3/505.1][URL: img.t.sinajs.cn/t6/style/images/global_nav/WB_logo_b.png][StatusCode: 200][PLAIN TEXT (GET /t6/style/images/global)]
+	1	TCP 192.168.1.105:35803 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][52 pkts/5367 bytes <-> 54 pkts/71536 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.860 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29.0/29.3 400/372 66.4/64.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103.2/1324.7 533/4374 116.5/822.8][URL: img.t.sinajs.cn/t6/style/css/module/base/frame.css?version=201605130537][StatusCode: 200][ContentType: text/css][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/css/module/base/f)]
+	2	TCP 192.168.1.105:35804 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][32 pkts/3624 bytes <-> 40 pkts/50657 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.866 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47.7/38.7 314/338 88.7/81.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113.2/1266.4 549/2938 132.2/620.2][URL: img.t.sinajs.cn/t6/style/css/module/combination/comb_login.css?version=201605130537][StatusCode: 200][ContentType: text/css][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/css/module/combin)]
+	3	TCP 192.168.1.105:51698 <-> 93.188.134.137:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][40 pkts/3462 bytes <-> 39 pkts/34030 bytes][Host: www.weibo.com][bytes ratio: -0.815 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24.9/22.7 482/454 83.8/80.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86.6/872.6 516/2938 69.2/915.2][URL: www.weibo.com/login.php?lang=en-us][StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /login.php)]
+	4	TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][27 pkts/2298 bytes <-> 26 pkts/34170 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.874 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 23.0/21.8 183/162 50.2/47.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.1/1314.2 550/1502 91.2/448.1][URL: img.t.sinajs.cn/t6/style/images/growth/login/sprite_login.png?13434210384389][StatusCode: 200][ContentType: image/png][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/images/growth/log)]
+	5	TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.800 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 71.8/74.7 375/438 115.7/123.1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110.6/1046.1 525/1502 126.8/556.9][URL: img.t.sinajs.cn/t6/skin/default/skin.css?version=201605130537][StatusCode: 200][ContentType: text/css][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/skin/default/skin.css)]
+	6	TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 32.1/37.9 252/181 64.0/50.6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93.4/1216.5 539/1502 108.1/525.5][URL: img.t.sinajs.cn/t6/style/images/common/font/wbficon.woff?id=201605111746][StatusCode: 200][ContentType: application/x-font-woff][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/images/common/fon)]
+	7	TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Host: img.t.sinajs.cn][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 45.4/41.5 163/160 63.4/68.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 135.1/625.8 530/1502 161.3/505.1][URL: img.t.sinajs.cn/t6/style/images/global_nav/WB_logo_b.png][StatusCode: 200][ContentType: image/png][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/images/global)]
 	8	UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188.126/QUIC.Google][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 76/2 266.5/14.2 1385/29 502.8/13.3][Pkt Len c2s/s2c min/avg/max/stddev: 67/74 162.6/145.5 406/433 122.4/129.3]
 	9	UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes][bytes ratio: -0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171.2/228.0 626/662 263.7/307.0][Pkt Len c2s/s2c min/avg/max/stddev: 77/85 192.6/245.2 353/660 93.4/241.0]
-	10	TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/347 175.8/347.5 353/348 174.3/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147.2/215.8 500/689 176.6/273.3][URL: weibo.com/login.php?lang=en-us][StatusCode: 301][PLAIN TEXT (GET /login.php)]
-	11	TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][StatusCode: 0][PLAIN TEXT (KGET /t)]
-	12	TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][StatusCode: 0][PLAIN TEXT (GET /public/files/image/620)]
+	10	TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Host: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/347 175.8/347.5 353/348 174.3/0.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147.2/215.8 500/689 176.6/273.3][URL: weibo.com/login.php?lang=en-us][StatusCode: 301][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /login.php)]
+	11	TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Host: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (KGET /t)]
+	12	TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Host: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][StatusCode: 0][ContentType: ][UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /public/files/image/620)]
 	13	TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/TLS][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][TLSv1][Client: g.alicdn.com][JA3C: 58e7f64db6e4fe4941dd9691d421196c][PLAIN TEXT (g.alicdn.com)]
 	14	UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/75 bytes <-> 1 pkts/191 bytes][Host: img.t.sinajs.cn]
 	15	UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][cat: SocialNetwork/6][1 pkts/74 bytes <-> 1 pkts/190 bytes][Host: js.t.sinajs.cn]
-- 
cgit v1.2.3