aboutsummaryrefslogtreecommitdiff
path: root/test/results/flow-captured
diff options
context:
space:
mode:
authorToni Uhlig <matzeton@googlemail.com>2025-03-05 19:00:23 +0100
committerToni Uhlig <matzeton@googlemail.com>2025-03-06 19:00:23 +0100
commitae95c95617d3716abcfbcc93742f6652e44d151c (patch)
treefb07186390ebc402a34aa212986ee4a0d0e44ea1 /test/results/flow-captured
parent42c54d3755a84dfaf741157fe83c94b0b15fb296 (diff)
bump libnDPI to c49d126d3642d5b1f5168d049e3ebf0ee3451edcHEADtmpmain
* fix API issue with a changed function signature Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-captured')
-rw-r--r--test/results/flow-captured/classification_only/bittorrent.pcap.out46
-rw-r--r--test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out1
-rw-r--r--test/results/flow-captured/classification_only/forticlient.pcap.out1
-rw-r--r--test/results/flow-captured/classification_only/http-basic-auth.pcap.out15
-rw-r--r--test/results/flow-captured/classification_only/http-pwd.pcapng.out1
-rw-r--r--test/results/flow-captured/classification_only/http_auth.pcap.out1
-rw-r--r--test/results/flow-captured/classification_only/ookla.pcap.out1
-rw-r--r--test/results/flow-captured/classification_only/sip.pcap.out (renamed from test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out)0
-rw-r--r--test/results/flow-captured/classification_only/teams.pcap.out (renamed from test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out)0
-rw-r--r--test/results/flow-captured/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out (renamed from test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out)0
-rw-r--r--test/results/flow-captured/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out (renamed from test/results/flow-captured/dns_process_response_disable/dns.pcap.out)0
-rw-r--r--test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out0
-rw-r--r--test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out0
-rw-r--r--test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out0
-rw-r--r--test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out0
-rw-r--r--test/results/flow-captured/classification_only/tls_ech.pcapng.out0
-rw-r--r--test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out0
-rw-r--r--test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out1
-rw-r--r--test/results/flow-captured/default/dns2.pcap.out1
-rw-r--r--test/results/flow-captured/default/dns_fragmented.pcap.out2
-rw-r--r--test/results/flow-captured/default/dns_lots_of_answers.pcapng.out0
-rw-r--r--test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out0
-rw-r--r--test/results/flow-captured/default/dns_response_only.pcap.out0
-rw-r--r--test/results/flow-captured/default/dns_retransmissions.pcap.out1
-rw-r--r--test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out4
-rw-r--r--test/results/flow-captured/default/lagofast.pcap.out0
-rw-r--r--test/results/flow-captured/default/nordvpn.pcap.out4
-rw-r--r--test/results/flow-captured/default/ssdp.pcapng.out0
-rw-r--r--test/results/flow-captured/default/tor-browser.pcap.out3
-rw-r--r--test/results/flow-captured/dns_sub_enable/dns.pcap.out0
-rw-r--r--test/results/flow-captured/dns_sub_enable/dns2.pcap.out1
-rw-r--r--test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out0
-rw-r--r--test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out1
-rw-r--r--test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out1
-rw-r--r--test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out0
-rw-r--r--test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out1
36 files changed, 79 insertions, 7 deletions
diff --git a/test/results/flow-captured/classification_only/bittorrent.pcap.out b/test/results/flow-captured/classification_only/bittorrent.pcap.out
new file mode 100644
index 000000000..6e5155d66
--- /dev/null
+++ b/test/results/flow-captured/classification_only/bittorrent.pcap.out
@@ -0,0 +1,46 @@
+Flow 17 risky: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 17 midstream: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 2 risky: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 2 midstream: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 11 risky: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 11 midstream: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 20 risky: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 20 midstream: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 24 risky: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 24 midstream: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 21 risky: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 21 midstream: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 9 risky: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 9 midstream: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 18 risky: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 18 midstream: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 3 midstream: tcp 192.168.1.3:52895 -> 83.216.184.241:51413
+Flow 22 midstream: tcp 192.168.1.3:52927 -> 83.216.184.241:51413
+Flow 13 risky: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 13 midstream: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 23 risky: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 23 midstream: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 19 risky: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 19 midstream: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 8 risky: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 8 midstream: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 1 risky: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 1 midstream: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 10 risky: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 10 midstream: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 5 risky: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 5 midstream: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 15 risky: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
+Flow 15 midstream: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
+Flow 7 risky: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 7 midstream: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 16 risky: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 16 midstream: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 4 risky: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 4 midstream: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 14 risky: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 14 midstream: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 6 risky: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 6 midstream: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 12 risky: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
+Flow 12 midstream: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
diff --git a/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out b/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out
new file mode 100644
index 000000000..294e2dd8f
--- /dev/null
+++ b/test/results/flow-captured/classification_only/bittorrent_tcp_miss.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.122.34:48987 -> 178.71.206.1:6881
diff --git a/test/results/flow-captured/classification_only/forticlient.pcap.out b/test/results/flow-captured/classification_only/forticlient.pcap.out
new file mode 100644
index 000000000..5754031a2
--- /dev/null
+++ b/test/results/flow-captured/classification_only/forticlient.pcap.out
@@ -0,0 +1 @@
+Flow 5 risky: tcp 192.168.1.178:61820 -> 82.81.46.13:10443
diff --git a/test/results/flow-captured/classification_only/http-basic-auth.pcap.out b/test/results/flow-captured/classification_only/http-basic-auth.pcap.out
new file mode 100644
index 000000000..d891a90e8
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http-basic-auth.pcap.out
@@ -0,0 +1,15 @@
+Flow 1 risky: tcp 192.168.0.4:54317 -> 192.254.189.169:80
+Flow 2 risky: tcp 192.168.0.4:54318 -> 192.254.189.169:80
+Flow 7 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80
+Flow 8 risky: tcp 192.168.0.4:54338 -> 192.254.189.169:80
+Flow 9 risky: tcp 192.168.0.4:54340 -> 192.254.189.169:80
+Flow 14 risky: tcp 192.168.0.4:54487 -> 192.254.189.169:80
+Flow 15 risky: tcp 192.168.0.4:54505 -> 192.254.189.169:80
+Flow 24 risky: tcp 192.168.0.4:54584 -> 192.254.189.169:80
+Flow 10 risky: tcp 192.168.0.4:54341 -> 192.254.189.169:80
+Flow 11 risky: tcp 192.168.0.4:54342 -> 192.254.189.169:80
+Flow 12 risky: tcp 192.168.0.4:54343 -> 192.254.189.169:80
+Flow 20 risky: tcp 192.168.0.4:54580 -> 192.254.189.169:80
+Flow 21 risky: tcp 192.168.0.4:54581 -> 192.254.189.169:80
+Flow 22 risky: tcp 192.168.0.4:54582 -> 192.254.189.169:80
+Flow 23 risky: tcp 192.168.0.4:54583 -> 192.254.189.169:80
diff --git a/test/results/flow-captured/classification_only/http-pwd.pcapng.out b/test/results/flow-captured/classification_only/http-pwd.pcapng.out
new file mode 100644
index 000000000..2f04e0388
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http-pwd.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 127.0.0.1:56451 -> 127.0.0.1:3000
diff --git a/test/results/flow-captured/classification_only/http_auth.pcap.out b/test/results/flow-captured/classification_only/http_auth.pcap.out
new file mode 100644
index 000000000..f64f8755f
--- /dev/null
+++ b/test/results/flow-captured/classification_only/http_auth.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80
diff --git a/test/results/flow-captured/classification_only/ookla.pcap.out b/test/results/flow-captured/classification_only/ookla.pcap.out
new file mode 100644
index 000000000..1f5694308
--- /dev/null
+++ b/test/results/flow-captured/classification_only/ookla.pcap.out
@@ -0,0 +1 @@
+Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80
diff --git a/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/flow-captured/classification_only/sip.pcap.out
index 1090142cf..1090142cf 100644
--- a/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out
+++ b/test/results/flow-captured/classification_only/sip.pcap.out
diff --git a/test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out b/test/results/flow-captured/classification_only/teams.pcap.out
index 88544269b..88544269b 100644
--- a/test/results/flow-captured/stun_all_attributes_disabled/teams.pcap.out
+++ b/test/results/flow-captured/classification_only/teams.pcap.out
diff --git a/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/flow-captured/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out
index e69de29bb..e69de29bb 100644
--- a/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out
+++ b/test/results/flow-captured/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out
diff --git a/test/results/flow-captured/dns_process_response_disable/dns.pcap.out b/test/results/flow-captured/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out
index e69de29bb..e69de29bb 100644
--- a/test/results/flow-captured/dns_process_response_disable/dns.pcap.out
+++ b/test/results/flow-captured/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_client.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_1.2_unidirectional_server.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_client.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_1.3_unidirectional_server.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_ech.pcapng.out b/test/results/flow-captured/classification_only/tls_ech.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_ech.pcapng.out
diff --git a/test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out b/test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/classification_only/tls_verylong_certificate.pcap.out
diff --git a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index e69de29bb..e1e60dba9 100644
--- a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -0,0 +1 @@
+Flow 5 risky: udp 10.35.60.100:15580 -> 10.23.1.52:16756
diff --git a/test/results/flow-captured/default/dns2.pcap.out b/test/results/flow-captured/default/dns2.pcap.out
new file mode 100644
index 000000000..5152e60d8
--- /dev/null
+++ b/test/results/flow-captured/default/dns2.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.255.251:56550 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/default/dns_fragmented.pcap.out b/test/results/flow-captured/default/dns_fragmented.pcap.out
index efa654bb2..efd713c2e 100644
--- a/test/results/flow-captured/default/dns_fragmented.pcap.out
+++ b/test/results/flow-captured/default/dns_fragmented.pcap.out
@@ -1,8 +1,6 @@
-Flow 7 risky: udp 2a00:1450:4013:c05::10e:34944 -> 2001:470:765b::a25:53:53
Flow 2 risky: udp 2a00:1450:4013:c03::10a:46433 -> 2001:470:765b::a25:53:53
Flow 4 risky: udp 173.194.169.104:59464 -> 193.24.227.238:53
Flow 1 risky: udp 172.217.40.76:56680 -> 193.24.227.238:53
-Flow 5 risky: udp 2a00:1450:400c:c00::106:54430 -> 2001:470:765b::a25:53:53
Flow 3 risky: udp 2a00:1450:4013:c06::105:63369 -> 2001:470:765b::a25:53:53
Flow 6 risky: udp 74.125.47.136:59330 -> 193.24.227.238:53
Flow 17 risky: udp 194.247.5.6:51791 -> 193.24.227.238:53
diff --git a/test/results/flow-captured/default/dns_lots_of_answers.pcapng.out b/test/results/flow-captured/default/dns_lots_of_answers.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_lots_of_answers.pcapng.out
diff --git a/test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out b/test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_multiple_transactions_same_flow.pcap.out
diff --git a/test/results/flow-captured/default/dns_response_only.pcap.out b/test/results/flow-captured/default/dns_response_only.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns_response_only.pcap.out
diff --git a/test/results/flow-captured/default/dns_retransmissions.pcap.out b/test/results/flow-captured/default/dns_retransmissions.pcap.out
new file mode 100644
index 000000000..04da7d3ce
--- /dev/null
+++ b/test/results/flow-captured/default/dns_retransmissions.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 37.41.101.140:11892 -> 208.67.222.222:53
diff --git a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
index 8267609cc..3ef94599c 100644
--- a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
@@ -13,15 +13,12 @@ Flow 100 risky: udp 192.168.1.2:4901 -> 200.68.120.81:29440
Flow 78 not-detected: udp 192.168.1.2:2730 -> 192.168.1.1:43690
Flow 111 risky: udp 192.168.1.2:2757 -> 192.168.1.1:53
Flow 82 not-detected: udp 192.168.1.170:43690 -> 170.170.170.170:43690
-Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763
-Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53
Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765
Flow 124 not-detected: udp 192.168.1.2:43690 -> 170.170.170.170:43690
Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53
Flow 58 not-detected: 120 192.168.1.2 -> 212.242.33.35
Flow 133 not-detected: udp 94.168.1.2:2768 -> 192.168.1.1:4
Flow 135 not-detected: udp 192.168.1.1:117 -> 192.168.1.2:2769
-Flow 177 risky: udp 192.168.1.1:53 -> 240.168.1.2:2792
Flow 162 not-detected: udp 212.242.33.35:9587 -> 192.168.1.2:196
Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1
Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
@@ -37,7 +34,6 @@ Flow 214 risky: udp 192.168.1.1:53 -> 192.168.1.2:2807
Flow 195 not-detected: udp 192.168.170.170:43690 -> 170.170.170.170:43690
Flow 149 not-detected: 0 192.168.1.2 -> 192.168.1.255
Flow 203 not-detected: udp 192.168.1.2:2800 -> 192.168.1.1:21
-Flow 230 risky: udp 192.168.1.2:2815 -> 192.168.1.1:53
Flow 157 not-detected: 19 192.168.1.2 -> 192.168.1.1
Flow 117 not-detected: 37 192.168.1.1 -> 192.168.1.2
Flow 211 not-detected: udp 192.168.1.2:2805 -> 192.168.1.1:51
diff --git a/test/results/flow-captured/default/lagofast.pcap.out b/test/results/flow-captured/default/lagofast.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/lagofast.pcap.out
diff --git a/test/results/flow-captured/default/nordvpn.pcap.out b/test/results/flow-captured/default/nordvpn.pcap.out
new file mode 100644
index 000000000..6f73670f1
--- /dev/null
+++ b/test/results/flow-captured/default/nordvpn.pcap.out
@@ -0,0 +1,4 @@
+Flow 2 guessed: udp 192.168.1.204:63670 -> 192.145.125.35:1198
+Flow 2 not-detected: udp 192.168.1.204:63670 -> 192.145.125.35:1198
+Flow 3 guessed: tcp 192.168.1.204:49766 -> 212.129.45.224:995
+Flow 3 not-detected: tcp 192.168.1.204:49766 -> 212.129.45.224:995
diff --git a/test/results/flow-captured/default/ssdp.pcapng.out b/test/results/flow-captured/default/ssdp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ssdp.pcapng.out
diff --git a/test/results/flow-captured/default/tor-browser.pcap.out b/test/results/flow-captured/default/tor-browser.pcap.out
new file mode 100644
index 000000000..72258ef7e
--- /dev/null
+++ b/test/results/flow-captured/default/tor-browser.pcap.out
@@ -0,0 +1,3 @@
+Flow 7 risky: tcp 192.168.0.123:64623 -> 86.3.18.251:443
+Flow 8 risky: tcp 192.168.0.123:64624 -> 178.17.170.254:443
+Flow 5 risky: icmp 192.168.0.16 -> 192.168.0.123
diff --git a/test/results/flow-captured/dns_sub_enable/dns.pcap.out b/test/results/flow-captured/dns_sub_enable/dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns.pcap.out
diff --git a/test/results/flow-captured/dns_sub_enable/dns2.pcap.out b/test/results/flow-captured/dns_sub_enable/dns2.pcap.out
new file mode 100644
index 000000000..5152e60d8
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns2.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.255.251:56550 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out b/test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out
diff --git a/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out b/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out
new file mode 100644
index 000000000..04da7d3ce
--- /dev/null
+++ b/test/results/flow-captured/dns_sub_enable/dns_retransmissions.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 37.41.101.140:11892 -> 208.67.222.222:53
diff --git a/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out b/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out
new file mode 100644
index 000000000..6ef4eba5e
--- /dev/null
+++ b/test/results/flow-captured/flow_risk_infos_disabled/http_invalid_server.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.1.29:51536 -> 143.204.14.183:80
diff --git a/test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out b/test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/flow_risk_infos_disabled/tls_malicious_sha1.pcapng.out
diff --git a/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out
deleted file mode 100644
index 7cce13929..000000000
--- a/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out
+++ /dev/null
@@ -1 +0,0 @@
-Flow 2 risky: udp 10.0.2.15:57701 -> 217.23.3.76:443
Powered by cgit, Themed by Ted Yin.