authorToni Uhlig <matzeton@googlemail.com>2024-02-06 10:34:26 +0100
committerToni Uhlig <matzeton@googlemail.com>2024-02-06 10:34:52 +0100
commitfeb2583ef680281c827df75e3c3f6d4b97be8d8f (patch)
treedf3f88da74327f058527e70d2ef39a0b5f47a13c /test/results/flow-captured
parent7368f222dbddebab4cb36d7585cb152721bdd024 (diff)
bump libnDPI to 4543385d107fcc5a7e8632e35d9a60bcc40cb4f4
* incorporated API changes from nDPI Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-captured')
-rw-r--r--test/results/flow-captured/caches_global/bittorrent.pcap.out46
-rw-r--r--test/results/flow-captured/caches_global/lru_ipv6_caches.pcapng.out (renamed from test/results/flow-captured/disable_stun_monitoring/lru_ipv6_caches.pcapng.out)0
-rw-r--r--test/results/flow-captured/caches_global/mining.pcapng.out4
-rw-r--r--test/results/flow-captured/caches_global/ookla.pcap.out2
-rw-r--r--test/results/flow-captured/caches_global/teams.pcap.out21
-rw-r--r--test/results/flow-captured/caches_global/zoom_p2p.pcapng.out (renamed from test/results/flow-captured/default/mysql-8.pcap.out)0
-rw-r--r--test/results/flow-captured/default/anyconnect-vpn.pcap.out1
-rw-r--r--test/results/flow-captured/default/beckhoff_ads.pcapng.out (renamed from test/results/flow-captured/default/steam.pcap.out)0
-rw-r--r--test/results/flow-captured/default/bitcoin.pcap.out2
-rw-r--r--test/results/flow-captured/default/bittorrent_utp.pcap.out1
-rw-r--r--test/results/flow-captured/default/ceph.pcap.out (renamed from test/results/flow-captured/default/steam_datagram_relay_ping.pcapng.out)0
-rw-r--r--test/results/flow-captured/default/cip_io.pcap.out0
-rw-r--r--test/results/flow-captured/default/custom_rules_ipv6.pcapng.out6
-rw-r--r--test/results/flow-captured/default/dcerpc.pcap.out4
-rw-r--r--test/results/flow-captured/default/dlms.pcap.out1
-rw-r--r--test/results/flow-captured/default/dns.pcap.out0
-rw-r--r--test/results/flow-captured/default/dtls_certificate.pcapng.out1
-rw-r--r--test/results/flow-captured/default/emotet.pcap.out1
-rw-r--r--test/results/flow-captured/default/ethersbus.pcap.out0
-rw-r--r--test/results/flow-captured/default/ethersio.pcap.out0
-rw-r--r--test/results/flow-captured/default/fins.pcap.out0
-rw-r--r--test/results/flow-captured/default/gearman.pcap.out0
-rw-r--r--test/results/flow-captured/default/google_chat.pcapng.out0
-rw-r--r--test/results/flow-captured/default/google_meet.pcapng.out0
-rw-r--r--test/results/flow-captured/default/gquic_only_from_server.pcap.out0
-rw-r--r--test/results/flow-captured/default/h323_tcp.pcap.out0
-rw-r--r--test/results/flow-captured/default/hart_ip.pcap.out0
-rw-r--r--test/results/flow-captured/default/hislip.pcap.out0
-rw-r--r--test/results/flow-captured/default/hl7.pcap.out1
-rw-r--r--test/results/flow-captured/default/http.pcapng.out0
-rw-r--r--test/results/flow-captured/default/http_asymmetric.pcapng.out1
-rw-r--r--test/results/flow-captured/default/ieee_c37118.pcap.out0
-rw-r--r--test/results/flow-captured/default/ip_fragmented_garbage.pcap.out37
-rw-r--r--test/results/flow-captured/default/iso9506-1-mms.pcap.out0
-rw-r--r--test/results/flow-captured/default/jsonrpc.pcap.out1
-rw-r--r--test/results/flow-captured/default/kafka.pcapng.out0
-rw-r--r--test/results/flow-captured/default/kcp.pcap.out0
-rw-r--r--test/results/flow-captured/default/mining.pcapng.out4
-rw-r--r--test/results/flow-captured/default/monero.pcap.out2
-rw-r--r--test/results/flow-captured/default/mumble.pcapng.out0
-rw-r--r--test/results/flow-captured/default/mysql.pcapng.out0
-rw-r--r--test/results/flow-captured/default/nomachine.pcapng.out2
-rw-r--r--test/results/flow-captured/default/opc-ua.pcap.out0
-rw-r--r--test/results/flow-captured/default/openflow.pcap.out0
-rw-r--r--test/results/flow-captured/default/openvpn-tlscrypt.pcap.out0
-rw-r--r--test/results/flow-captured/default/openvpn.pcap.out9
-rw-r--r--test/results/flow-captured/default/openvpn_nohmac.pcapng.out0
-rw-r--r--test/results/flow-captured/default/openvpn_nohmac_tcp.pcapng.out0
-rw-r--r--test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out1
-rw-r--r--test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out1
-rw-r--r--test/results/flow-captured/default/pia.pcap.out0
-rw-r--r--test/results/flow-captured/default/profinet-io-le.pcap.out1
-rw-r--r--test/results/flow-captured/default/ptpv2.pcap.out0
-rw-r--r--test/results/flow-captured/default/quic_frags_different_dcid.pcapng.out0
-rw-r--r--test/results/flow-captured/default/radmin3.pcapng.out2
-rw-r--r--test/results/flow-captured/default/raft.pcap.out0
-rw-r--r--test/results/flow-captured/default/rdp3.pcap.out1
-rw-r--r--test/results/flow-captured/default/resp.pcap.out0
-rw-r--r--test/results/flow-captured/default/roughtime.pcap.out0
-rw-r--r--test/results/flow-captured/default/rtps.pcap.out1
-rw-r--r--test/results/flow-captured/default/s7comm-plus.pcap.out0
-rw-r--r--test/results/flow-captured/default/skinny.pcap.out1
-rw-r--r--test/results/flow-captured/default/spotify_tcp.pcap.out0
-rw-r--r--test/results/flow-captured/default/steam.pcapng.out0
-rw-r--r--test/results/flow-captured/default/stomp.pcapng.out0
-rw-r--r--test/results/flow-captured/default/stun_dtls_rtp.pcapng.out1
-rw-r--r--test/results/flow-captured/default/stun_dtls_rtp_unidir.pcapng.out2
-rw-r--r--test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out1
-rw-r--r--test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out1
-rw-r--r--test/results/flow-captured/default/stun_google_meet.pcapng.out1
-rw-r--r--test/results/flow-captured/default/synscan.pcap.out12
-rw-r--r--test/results/flow-captured/default/telegram.pcap.out2
-rw-r--r--test/results/flow-captured/default/tftp.pcap.out1
-rw-r--r--test/results/flow-captured/default/tls_malicious_sha1.pcapng.out0
-rw-r--r--test/results/flow-captured/default/uftp_v4_v5.pcap.out0
-rw-r--r--test/results/flow-captured/default/umas.pcap.out0
-rw-r--r--test/results/flow-captured/default/webdav.pcap.out1
-rw-r--r--test/results/flow-captured/default/yojimbo.pcap.out0
-rw-r--r--test/results/flow-captured/default/zcash.pcap.out1
-rw-r--r--test/results/flow-captured/default/zoom2.pcap.out3
-rw-r--r--test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out0
-rw-r--r--test/results/flow-captured/dns_process_response_disable/dns.pcap.out0
-rw-r--r--test/results/flow-captured/dns_subclassification_and_process_response_disable/dns.pcap.out0
-rw-r--r--test/results/flow-captured/dns_subclassification_disable/dns.pcap.out0
-rw-r--r--test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out6
-rw-r--r--test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out1
-rw-r--r--test/results/flow-captured/guessing_disable/webex.pcap.out18
-rw-r--r--test/results/flow-captured/http_process_response_disable/http.pcapng.out0
-rw-r--r--test/results/flow-captured/http_process_response_disable/http_asymmetric.pcapng.out2
-rw-r--r--test/results/flow-captured/ip_lists_disable/1kxun.pcap.out112
-rw-r--r--test/results/flow-captured/packets_limit_per_flow/tls_verylong_certificate.pcap.out0
91 files changed, 249 insertions, 71 deletions
diff --git a/test/results/flow-captured/caches_global/bittorrent.pcap.out b/test/results/flow-captured/caches_global/bittorrent.pcap.out
new file mode 100644
index 000000000..05cf521a2
--- /dev/null
+++ b/test/results/flow-captured/caches_global/bittorrent.pcap.out
@@ -0,0 +1,46 @@
+Flow 17 risky: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 17 midstream: tcp 192.168.1.3:52915 -> 198.100.146.9:60163
+Flow 2 risky: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 2 midstream: tcp 192.168.1.3:52887 -> 82.57.97.83:53137
+Flow 11 risky: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 11 midstream: tcp 192.168.1.3:52906 -> 82.57.97.83:53137
+Flow 3 midstream: tcp 192.168.1.3:52895 -> 83.216.184.241:51413
+Flow 22 midstream: tcp 192.168.1.3:52927 -> 83.216.184.241:51413
+Flow 21 risky: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 21 midstream: tcp 192.168.1.3:52922 -> 95.237.193.34:11321
+Flow 13 risky: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 13 midstream: tcp 192.168.1.3:52912 -> 151.72.255.163:59928
+Flow 6 risky: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 6 midstream: tcp 192.168.1.3:52897 -> 151.26.95.30:22673
+Flow 12 risky: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
+Flow 12 midstream: tcp 192.168.1.3:52911 -> 151.26.95.30:22673
+Flow 20 risky: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 20 midstream: tcp 192.168.1.3:52921 -> 95.234.159.16:41205
+Flow 23 risky: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 23 midstream: tcp 192.168.1.3:52926 -> 93.65.249.100:31336
+Flow 24 risky: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 24 midstream: tcp 192.168.1.3:52925 -> 93.65.227.100:19116
+Flow 9 risky: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 9 midstream: tcp 192.168.1.3:52902 -> 190.103.195.56:46633
+Flow 18 risky: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 18 midstream: tcp 192.168.1.3:52914 -> 190.103.195.56:46633
+Flow 4 risky: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 4 midstream: tcp 192.168.1.3:52896 -> 79.53.228.2:14627
+Flow 14 risky: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 14 midstream: tcp 192.168.1.3:52909 -> 79.53.228.2:14627
+Flow 7 risky: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 7 midstream: tcp 192.168.1.3:52893 -> 79.55.129.22:12097
+Flow 16 risky: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 16 midstream: tcp 192.168.1.3:52908 -> 79.55.129.22:12097
+Flow 19 risky: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 19 midstream: tcp 192.168.1.3:52917 -> 151.15.48.189:47001
+Flow 8 risky: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 8 midstream: tcp 192.168.1.3:52903 -> 198.100.146.9:60163
+Flow 1 risky: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 1 midstream: tcp 192.168.1.3:52888 -> 82.58.216.115:38305
+Flow 10 risky: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 10 midstream: tcp 192.168.1.3:52907 -> 82.58.216.115:38305
+Flow 5 risky: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 5 midstream: tcp 192.168.1.3:52894 -> 120.62.33.241:39332
+Flow 15 risky: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
+Flow 15 midstream: tcp 192.168.1.3:52910 -> 120.62.33.241:39332
diff --git a/test/results/flow-captured/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/flow-captured/caches_global/lru_ipv6_caches.pcapng.out
index 79c0e80d8..79c0e80d8 100644
--- a/test/results/flow-captured/disable_stun_monitoring/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-captured/caches_global/lru_ipv6_caches.pcapng.out
diff --git a/test/results/flow-captured/caches_global/mining.pcapng.out b/test/results/flow-captured/caches_global/mining.pcapng.out
new file mode 100644
index 000000000..272753c06
--- /dev/null
+++ b/test/results/flow-captured/caches_global/mining.pcapng.out
@@ -0,0 +1,4 @@
+Flow 1 risky: tcp 147.229.13.222:49307 -> 185.71.66.39:9999
+Flow 2 risky: tcp 192.168.2.92:55190 -> 178.32.196.217:9050
+Flow 3 risky: tcp 192.168.2.148:46838 -> 94.23.199.191:3333
+Flow 4 risky: tcp 192.168.2.148:53846 -> 116.211.167.195:3333
diff --git a/test/results/flow-captured/caches_global/ookla.pcap.out b/test/results/flow-captured/caches_global/ookla.pcap.out
new file mode 100644
index 000000000..76a45ed58
--- /dev/null
+++ b/test/results/flow-captured/caches_global/ookla.pcap.out
@@ -0,0 +1,2 @@
+Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80
+Flow 6 risky: tcp 192.168.1.128:35830 -> 89.96.108.170:8080
diff --git a/test/results/flow-captured/caches_global/teams.pcap.out b/test/results/flow-captured/caches_global/teams.pcap.out
new file mode 100644
index 000000000..7a0343add
--- /dev/null
+++ b/test/results/flow-captured/caches_global/teams.pcap.out
@@ -0,0 +1,21 @@
+Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443
+Flow 48 risky: tcp 192.168.1.6:60559 -> 52.114.77.33:443
+Flow 64 risky: tcp 192.168.1.6:50018 -> 52.114.250.123:443
+Flow 78 risky: udp 93.71.110.205:16332 -> 192.168.1.6:50016
+Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443
+Flow 43 risky: tcp 192.168.1.6:60554 -> 52.113.194.132:443
+Flow 76 risky: udp 192.168.1.6:50016 -> 192.168.0.4:50005
+Flow 77 risky: udp 192.168.1.6:50036 -> 192.168.0.4:50020
+Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53
+Flow 4 risky: tcp 192.168.1.6:60532 -> 52.114.77.33:443
+Flow 25 risky: tcp 192.168.1.6:60543 -> 52.114.77.33:443
+Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
+Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
+Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434
+Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434
+Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
+Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
+Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
+Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
+Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016
+Flow 80 risky: udp 52.114.252.21:3480 -> 192.168.1.6:50036
diff --git a/test/results/flow-captured/default/mysql-8.pcap.out b/test/results/flow-captured/caches_global/zoom_p2p.pcapng.out
index e69de29bb..e69de29bb 100644
--- a/test/results/flow-captured/default/mysql-8.pcap.out
+++ b/test/results/flow-captured/caches_global/zoom_p2p.pcapng.out
diff --git a/test/results/flow-captured/default/anyconnect-vpn.pcap.out b/test/results/flow-captured/default/anyconnect-vpn.pcap.out
index b016524e5..1dbcad056 100644
--- a/test/results/flow-captured/default/anyconnect-vpn.pcap.out
+++ b/test/results/flow-captured/default/anyconnect-vpn.pcap.out
@@ -6,7 +6,6 @@ Flow 16 risky: udp 10.0.0.227:63107 -> 75.75.76.76:53
Flow 34 risky: udp 10.0.0.227:52879 -> 75.75.75.75:53
Flow 58 risky: udp 10.0.0.227:54107 -> 8.37.102.91:443
Flow 36 risky: udp 10.0.0.227:57017 -> 75.75.75.75:53
-Flow 68 risky: udp 10.0.0.149:5353 -> 224.0.0.251:5353
Flow 35 risky: udp 10.0.0.227:59222 -> 75.75.75.75:53
Flow 33 risky: udp 10.0.0.227:57261 -> 75.75.75.75:53
Flow 3 risky: tcp 10.0.0.227:56320 -> 10.0.0.149:8009
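Review bot: The removed line `Flow 68 risky: udp 10.0.0.149:5353 -> 224.0.0.251:5353` makes this baseline accept one fewer risky flow for the sample, and the commit message ("incorporated API changes from nDPI") gives no reason for it. The same loss appears in later hunks: emotet.pcap.out drops `Flow 5 risky` to 138.197.147.101:443 while Flow 6 to the same endpoint stays, and dtls_certificate.pcapng.out and monero.pcap.out become empty. These expected-output files are what would catch a detection regression, so regenerating them without a stated cause hides whether the library bump reduced coverage (presumably an upstream risk-classification change, but that is not visible here). I would add a line to the commit description such as `* expected results regenerated; risky flows dropped in anyconnect-vpn, dtls_certificate, emotet, monero because <upstream nDPI change>`.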
diff --git a/test/results/flow-captured/default/steam.pcap.out b/test/results/flow-captured/default/beckhoff_ads.pcapng.out
index e69de29bb..e69de29bb 100644
--- a/test/results/flow-captured/default/steam.pcap.out
+++ b/test/results/flow-captured/default/beckhoff_ads.pcapng.out
diff --git a/test/results/flow-captured/default/bitcoin.pcap.out b/test/results/flow-captured/default/bitcoin.pcap.out
index 174314cbc..41b6b1707 100644
--- a/test/results/flow-captured/default/bitcoin.pcap.out
+++ b/test/results/flow-captured/default/bitcoin.pcap.out
@@ -1,6 +1,6 @@
-Flow 2 midstream: tcp 192.168.1.142:55328 -> 69.118.54.122:8333
Flow 3 midstream: tcp 192.168.1.142:55348 -> 74.89.181.229:8333
Flow 4 midstream: tcp 192.168.1.142:55383 -> 66.68.83.22:8333
Flow 5 midstream: tcp 192.168.1.142:55400 -> 195.218.16.178:8333
Flow 6 midstream: tcp 192.168.1.142:55487 -> 184.58.165.119:8333
Flow 1 midstream: tcp 192.168.1.142:55317 -> 188.165.213.169:8333
+Flow 2 midstream: tcp 192.168.1.142:55328 -> 69.118.54.122:8333
diff --git a/test/results/flow-captured/default/bittorrent_utp.pcap.out b/test/results/flow-captured/default/bittorrent_utp.pcap.out
index e418a8484..ab9151e51 100644
--- a/test/results/flow-captured/default/bittorrent_utp.pcap.out
+++ b/test/results/flow-captured/default/bittorrent_utp.pcap.out
@@ -1 +1,2 @@
Flow 1 risky: udp 82.243.113.43:64969 -> 192.168.1.5:40959
+Flow 2 risky: udp 127.0.0.1:49861 -> 127.0.0.1:33333
diff --git a/test/results/flow-captured/default/steam_datagram_relay_ping.pcapng.out b/test/results/flow-captured/default/ceph.pcap.out
index e69de29bb..e69de29bb 100644
--- a/test/results/flow-captured/default/steam_datagram_relay_ping.pcapng.out
+++ b/test/results/flow-captured/default/ceph.pcap.out
diff --git a/test/results/flow-captured/default/cip_io.pcap.out b/test/results/flow-captured/default/cip_io.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/cip_io.pcap.out
diff --git a/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out b/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out
index ff74288f0..dd09d4cb7 100644
--- a/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out
+++ b/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out
@@ -1,3 +1,5 @@
Flow 1 not-detected: udp 3ffe:507::1:200:86ff:fe05:80da:21554 -> 3ffe:501:4819::42:5333
-Flow 4 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12718 -> ff02::1:26993
-Flow 5 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12717 -> ff02::1:64315
+Flow 6 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12718 -> ff02::1:26993
+Flow 5 not-detected: udp fe80::76ac:b9ff:fedd:a1e2:12719 -> ff02::1:26993
+Flow 4 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12719 -> ff02::1:26993
+Flow 7 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12717 -> ff02::1:64315
diff --git a/test/results/flow-captured/default/dcerpc.pcap.out b/test/results/flow-captured/default/dcerpc.pcap.out
index e69de29bb..c81c9b8b6 100644
--- a/test/results/flow-captured/default/dcerpc.pcap.out
+++ b/test/results/flow-captured/default/dcerpc.pcap.out
@@ -0,0 +1,4 @@
+Flow 4 risky: udp 192.168.1.11:49154 -> 192.168.1.20:49162
+Flow 2 risky: udp 192.168.1.20:49161 -> 192.168.1.11:49155
+Flow 1 risky: udp 192.168.1.11:49155 -> 192.168.1.20:34964
+Flow 3 risky: udp 192.168.1.20:49162 -> 192.168.1.11:34964
diff --git a/test/results/flow-captured/default/dlms.pcap.out b/test/results/flow-captured/default/dlms.pcap.out
new file mode 100644
index 000000000..577b71e56
--- /dev/null
+++ b/test/results/flow-captured/default/dlms.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.137.20:60797 -> 192.168.137.189:4060
diff --git a/test/results/flow-captured/default/dns.pcap.out b/test/results/flow-captured/default/dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dns.pcap.out
diff --git a/test/results/flow-captured/default/dtls_certificate.pcapng.out b/test/results/flow-captured/default/dtls_certificate.pcapng.out
index 61fbba47e..e69de29bb 100644
--- a/test/results/flow-captured/default/dtls_certificate.pcapng.out
+++ b/test/results/flow-captured/default/dtls_certificate.pcapng.out
@@ -1 +0,0 @@
-Flow 1 risky: udp 191.62.60.190:443 -> 163.205.15.180:38876
diff --git a/test/results/flow-captured/default/emotet.pcap.out b/test/results/flow-captured/default/emotet.pcap.out
index d58818b46..3eb459004 100644
--- a/test/results/flow-captured/default/emotet.pcap.out
+++ b/test/results/flow-captured/default/emotet.pcap.out
@@ -1,4 +1,3 @@
Flow 3 risky: tcp 10.4.20.102:54319 -> 107.161.178.210:80
Flow 4 risky: tcp 10.4.25.101:49797 -> 77.105.36.156:80
-Flow 5 risky: tcp 10.4.25.101:49803 -> 138.197.147.101:443
Flow 6 risky: tcp 10.4.25.101:49804 -> 138.197.147.101:443
diff --git a/test/results/flow-captured/default/ethersbus.pcap.out b/test/results/flow-captured/default/ethersbus.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ethersbus.pcap.out
diff --git a/test/results/flow-captured/default/ethersio.pcap.out b/test/results/flow-captured/default/ethersio.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ethersio.pcap.out
diff --git a/test/results/flow-captured/default/fins.pcap.out b/test/results/flow-captured/default/fins.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/fins.pcap.out
diff --git a/test/results/flow-captured/default/gearman.pcap.out b/test/results/flow-captured/default/gearman.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/gearman.pcap.out
diff --git a/test/results/flow-captured/default/google_chat.pcapng.out b/test/results/flow-captured/default/google_chat.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/google_chat.pcapng.out
diff --git a/test/results/flow-captured/default/google_meet.pcapng.out b/test/results/flow-captured/default/google_meet.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/google_meet.pcapng.out
diff --git a/test/results/flow-captured/default/gquic_only_from_server.pcap.out b/test/results/flow-captured/default/gquic_only_from_server.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/gquic_only_from_server.pcap.out
diff --git a/test/results/flow-captured/default/h323_tcp.pcap.out b/test/results/flow-captured/default/h323_tcp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/h323_tcp.pcap.out
diff --git a/test/results/flow-captured/default/hart_ip.pcap.out b/test/results/flow-captured/default/hart_ip.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/hart_ip.pcap.out
diff --git a/test/results/flow-captured/default/hislip.pcap.out b/test/results/flow-captured/default/hislip.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/hislip.pcap.out
diff --git a/test/results/flow-captured/default/hl7.pcap.out b/test/results/flow-captured/default/hl7.pcap.out
new file mode 100644
index 000000000..a656e9571
--- /dev/null
+++ b/test/results/flow-captured/default/hl7.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.0.0.155:49242 -> 10.0.0.126:6661
diff --git a/test/results/flow-captured/default/http.pcapng.out b/test/results/flow-captured/default/http.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/http.pcapng.out
diff --git a/test/results/flow-captured/default/http_asymmetric.pcapng.out b/test/results/flow-captured/default/http_asymmetric.pcapng.out
index 525d309cb..e72b81357 100644
--- a/test/results/flow-captured/default/http_asymmetric.pcapng.out
+++ b/test/results/flow-captured/default/http_asymmetric.pcapng.out
@@ -1 +1,2 @@
Flow 2 risky: tcp 192.168.1.146:80 -> 192.168.1.103:1044
+Flow 1 risky: tcp 192.168.0.1:1044 -> 10.10.10.1:80
diff --git a/test/results/flow-captured/default/ieee_c37118.pcap.out b/test/results/flow-captured/default/ieee_c37118.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ieee_c37118.pcap.out
diff --git a/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out b/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out
index 75a13d27c..e491612da 100644
--- a/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out
+++ b/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out
@@ -1,42 +1,5 @@
Flow 4 not-detected: tcp 10.0.0.2:16417 -> 10.128.0.2:16419
-Flow 8 not-detected: tcp 10.0.0.2:9508 -> 10.128.0.2:8995
-Flow 20 not-detected: tcp 10.0.0.2:9508 -> 10.128.0.2:8998
-Flow 7 not-detected: tcp 10.0.0.2:10790 -> 10.128.0.2:24101
Flow 1 not-detected: tcp 10.0.0.2:24102 -> 10.128.0.2:10792
Flow 2 not-detected: tcp 10.0.0.2:18730 -> 10.128.0.2:20304
Flow 2 midstream: tcp 10.0.0.2:18730 -> 10.128.0.2:20304
-Flow 24 not-detected: tcp 10.0.0.2:24136 -> 10.128.0.2:16967
-Flow 24 midstream: tcp 10.0.0.2:24136 -> 10.128.0.2:16967
-Flow 27 not-detected: tcp 10.0.0.2:17751 -> 10.128.0.2:9024
-Flow 10 not-detected: tcp 10.0.0.2:14387 -> 10.128.0.2:14646
-Flow 10 midstream: tcp 10.0.0.2:14387 -> 10.128.0.2:14646
-Flow 16 not-detected: tcp 10.0.0.2:16199 -> 10.128.0.2:21055
-Flow 23 not-detected: tcp 10.0.0.2:18762 -> 10.128.0.2:18503
-Flow 11 not-detected: tcp 10.0.0.2:18248 -> 10.128.0.2:19019
-Flow 11 midstream: tcp 10.0.0.2:18248 -> 10.128.0.2:19019
-Flow 13 not-detected: tcp 10.0.0.2:16243 -> 10.128.0.2:21055
-Flow 28 not-detected: tcp 10.0.0.2:27502 -> 10.128.0.2:30307
-Flow 6 not-detected: tcp 10.0.0.2:24101 -> 10.128.0.2:9251
Flow 3 not-detected: tcp 10.0.0.2:9253 -> 10.128.0.2:24102
-Flow 26 not-detected: tcp 10.0.0.2:9251 -> 10.128.0.2:9770
-Flow 25 not-detected: tcp 10.0.0.2:29799 -> 10.128.0.2:26228
-Flow 5 not-detected: tcp 10.0.0.2:21029 -> 10.128.0.2:22878
-Flow 5 midstream: tcp 10.0.0.2:21029 -> 10.128.0.2:22878
-Flow 29 not-detected: tcp 10.0.0.2:10792 -> 10.128.0.2:10790
-Flow 15 not-detected: tcp 10.0.0.2:2612 -> 10.128.0.2:12849
-Flow 15 midstream: tcp 10.0.0.2:2612 -> 10.128.0.2:12849
-Flow 12 not-detected: tcp 10.0.0.2:13105 -> 10.128.0.2:14648
-Flow 12 midstream: tcp 10.0.0.2:13105 -> 10.128.0.2:14648
-Flow 21 not-detected: tcp 10.0.0.2:13362 -> 10.128.0.2:12596
-Flow 21 midstream: tcp 10.0.0.2:13362 -> 10.128.0.2:12596
-Flow 17 not-detected: tcp 10.0.0.2:19273 -> 10.128.0.2:19016
-Flow 17 midstream: tcp 10.0.0.2:19273 -> 10.128.0.2:19016
-Flow 18 not-detected: tcp 10.0.0.2:9566 -> 10.128.0.2:18498
-Flow 18 midstream: tcp 10.0.0.2:9566 -> 10.128.0.2:18498
-Flow 19 not-detected: tcp 10.0.0.2:11892 -> 10.128.0.2:26470
-Flow 14 not-detected: tcp 10.0.0.2:17458 -> 10.128.0.2:10790
-Flow 14 midstream: tcp 10.0.0.2:17458 -> 10.128.0.2:10790
-Flow 9 not-detected: tcp 10.0.0.2:13617 -> 10.128.0.2:10536
-Flow 9 midstream: tcp 10.0.0.2:13617 -> 10.128.0.2:10536
-Flow 22 not-detected: tcp 10.0.0.2:18258 -> 10.128.0.2:16199
-Flow 22 midstream: tcp 10.0.0.2:18258 -> 10.128.0.2:16199
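Review bot: This expectation shrinks from 42 lines to 5, so flows 5 through 29 of the fragmented-garbage sample are no longer reported as not-detected or midstream at all. A trace of malformed fragments is the kind of input where producing fewer flow records can reduce visibility into evasive traffic, and nothing in the commit says whether those packets are now rejected earlier or the flows are simply no longer created. It is worth confirming the cause and recording it in the commit description, e.g. `* ip_fragmented_garbage: only flows 1-4 remain after <upstream change>`.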
diff --git a/test/results/flow-captured/default/iso9506-1-mms.pcap.out b/test/results/flow-captured/default/iso9506-1-mms.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/iso9506-1-mms.pcap.out
diff --git a/test/results/flow-captured/default/jsonrpc.pcap.out b/test/results/flow-captured/default/jsonrpc.pcap.out
new file mode 100644
index 000000000..f1f919c62
--- /dev/null
+++ b/test/results/flow-captured/default/jsonrpc.pcap.out
@@ -0,0 +1 @@
+Flow 2 risky: tcp 192.168.8.251:51084 -> 179.99.210.200:80
diff --git a/test/results/flow-captured/default/kafka.pcapng.out b/test/results/flow-captured/default/kafka.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/kafka.pcapng.out
diff --git a/test/results/flow-captured/default/kcp.pcap.out b/test/results/flow-captured/default/kcp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/kcp.pcap.out
diff --git a/test/results/flow-captured/default/mining.pcapng.out b/test/results/flow-captured/default/mining.pcapng.out
new file mode 100644
index 000000000..272753c06
--- /dev/null
+++ b/test/results/flow-captured/default/mining.pcapng.out
@@ -0,0 +1,4 @@
+Flow 1 risky: tcp 147.229.13.222:49307 -> 185.71.66.39:9999
+Flow 2 risky: tcp 192.168.2.92:55190 -> 178.32.196.217:9050
+Flow 3 risky: tcp 192.168.2.148:46838 -> 94.23.199.191:3333
+Flow 4 risky: tcp 192.168.2.148:53846 -> 116.211.167.195:3333
diff --git a/test/results/flow-captured/default/monero.pcap.out b/test/results/flow-captured/default/monero.pcap.out
index 007f6106f..e69de29bb 100644
--- a/test/results/flow-captured/default/monero.pcap.out
+++ b/test/results/flow-captured/default/monero.pcap.out
@@ -1,2 +0,0 @@
-Flow 1 risky: tcp 192.168.2.148:46838 -> 94.23.199.191:3333
-Flow 2 risky: tcp 192.168.2.148:53846 -> 116.211.167.195:3333
diff --git a/test/results/flow-captured/default/mumble.pcapng.out b/test/results/flow-captured/default/mumble.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mumble.pcapng.out
diff --git a/test/results/flow-captured/default/mysql.pcapng.out b/test/results/flow-captured/default/mysql.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/mysql.pcapng.out
diff --git a/test/results/flow-captured/default/nomachine.pcapng.out b/test/results/flow-captured/default/nomachine.pcapng.out
new file mode 100644
index 000000000..53ac60eb1
--- /dev/null
+++ b/test/results/flow-captured/default/nomachine.pcapng.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 192.168.88.231:48084 -> 192.168.88.208:4000
+Flow 2 risky: udp 192.168.88.231:56019 -> 192.168.88.208:4000
diff --git a/test/results/flow-captured/default/opc-ua.pcap.out b/test/results/flow-captured/default/opc-ua.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/opc-ua.pcap.out
diff --git a/test/results/flow-captured/default/openflow.pcap.out b/test/results/flow-captured/default/openflow.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/openflow.pcap.out
diff --git a/test/results/flow-captured/default/openvpn-tlscrypt.pcap.out b/test/results/flow-captured/default/openvpn-tlscrypt.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/openvpn-tlscrypt.pcap.out
diff --git a/test/results/flow-captured/default/openvpn.pcap.out b/test/results/flow-captured/default/openvpn.pcap.out
index b1269c92d..e1ddc9405 100644
--- a/test/results/flow-captured/default/openvpn.pcap.out
+++ b/test/results/flow-captured/default/openvpn.pcap.out
@@ -1,3 +1,6 @@
-Flow 1 risky: tcp 192.168.1.77:60140 -> 46.101.231.218:443
-Flow 2 risky: udp 192.168.43.12:41507 -> 139.59.151.137:13680
-Flow 3 risky: udp 192.168.43.18:13680 -> 139.59.151.137:13680
+Flow 2 risky: udp 69.197.143.179:443 -> 10.0.2.15:60201
+Flow 1 risky: udp 192.168.75.18:60201 -> 166.161.181.18:443
+Flow 4 risky: tcp 192.168.1.77:60140 -> 46.101.231.218:443
+Flow 5 risky: udp 192.168.43.12:41507 -> 139.59.151.137:13680
+Flow 6 risky: udp 192.168.43.18:13680 -> 139.59.151.137:13680
+Flow 8 risky: tcp 127.0.0.1:36138 -> 127.0.0.1:443
diff --git a/test/results/flow-captured/default/openvpn_nohmac.pcapng.out b/test/results/flow-captured/default/openvpn_nohmac.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/openvpn_nohmac.pcapng.out
diff --git a/test/results/flow-captured/default/openvpn_nohmac_tcp.pcapng.out b/test/results/flow-captured/default/openvpn_nohmac_tcp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/openvpn_nohmac_tcp.pcapng.out
diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out
index a36692a5b..8f04d32ca 100644
--- a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -1,4 +1,5 @@
Flow 2 risky: udp 127.0.0.1:1119 -> 127.0.0.1:1120
+Flow 7 not-detected: udp 127.0.0.1:100 -> 127.0.0.1:200
Flow 4 risky: tcp 192.168.1.128:1 -> 121.254.200.130:1119
Flow 4 midstream: tcp 192.168.1.128:1 -> 121.254.200.130:1119
Flow 6 risky: tcp 192.168.1.128:1 -> 12.129.236.254:1119
diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out
index e69de29bb..de380358f 100644
--- a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.0.1:8787 -> 10.10.10.1:32177
diff --git a/test/results/flow-captured/default/pia.pcap.out b/test/results/flow-captured/default/pia.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/pia.pcap.out
diff --git a/test/results/flow-captured/default/profinet-io-le.pcap.out b/test/results/flow-captured/default/profinet-io-le.pcap.out
new file mode 100644
index 000000000..ab08bdd2c
--- /dev/null
+++ b/test/results/flow-captured/default/profinet-io-le.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 10.10.0.150:1566 -> 10.10.0.129:34964
diff --git a/test/results/flow-captured/default/ptpv2.pcap.out b/test/results/flow-captured/default/ptpv2.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/ptpv2.pcap.out
diff --git a/test/results/flow-captured/default/quic_frags_different_dcid.pcapng.out b/test/results/flow-captured/default/quic_frags_different_dcid.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/quic_frags_different_dcid.pcapng.out
diff --git a/test/results/flow-captured/default/radmin3.pcapng.out b/test/results/flow-captured/default/radmin3.pcapng.out
new file mode 100644
index 000000000..55aacf056
--- /dev/null
+++ b/test/results/flow-captured/default/radmin3.pcapng.out
@@ -0,0 +1,2 @@
+Flow 1 risky: tcp 192.168.88.208:49736 -> 192.168.88.197:4899
+Flow 2 risky: tcp 192.168.88.208:49739 -> 192.168.88.197:4899
diff --git a/test/results/flow-captured/default/raft.pcap.out b/test/results/flow-captured/default/raft.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/raft.pcap.out
diff --git a/test/results/flow-captured/default/rdp3.pcap.out b/test/results/flow-captured/default/rdp3.pcap.out
new file mode 100644
index 000000000..b9990a485
--- /dev/null
+++ b/test/results/flow-captured/default/rdp3.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.150.9.21:1685 -> 10.157.4.161:3389
diff --git a/test/results/flow-captured/default/resp.pcap.out b/test/results/flow-captured/default/resp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/resp.pcap.out
diff --git a/test/results/flow-captured/default/roughtime.pcap.out b/test/results/flow-captured/default/roughtime.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/roughtime.pcap.out
diff --git a/test/results/flow-captured/default/rtps.pcap.out b/test/results/flow-captured/default/rtps.pcap.out
new file mode 100644
index 000000000..c34f212bc
--- /dev/null
+++ b/test/results/flow-captured/default/rtps.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 127.0.0.1:28108 -> 127.0.0.1:7410
diff --git a/test/results/flow-captured/default/s7comm-plus.pcap.out b/test/results/flow-captured/default/s7comm-plus.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/s7comm-plus.pcap.out
diff --git a/test/results/flow-captured/default/skinny.pcap.out b/test/results/flow-captured/default/skinny.pcap.out
index 1005c786b..d93757842 100644
--- a/test/results/flow-captured/default/skinny.pcap.out
+++ b/test/results/flow-captured/default/skinny.pcap.out
@@ -1,3 +1,2 @@
Flow 1 midstream: tcp 192.168.195.58:49399 -> 192.168.193.12:2000
Flow 2 midstream: tcp 192.168.193.12:2000 -> 192.168.195.50:51532
-Flow 8 midstream: tcp 192.168.195.58:50917 -> 10.16.2.25:2000
diff --git a/test/results/flow-captured/default/spotify_tcp.pcap.out b/test/results/flow-captured/default/spotify_tcp.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/spotify_tcp.pcap.out
diff --git a/test/results/flow-captured/default/steam.pcapng.out b/test/results/flow-captured/default/steam.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/steam.pcapng.out
diff --git a/test/results/flow-captured/default/stomp.pcapng.out b/test/results/flow-captured/default/stomp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/stomp.pcapng.out
diff --git a/test/results/flow-captured/default/stun_dtls_rtp.pcapng.out b/test/results/flow-captured/default/stun_dtls_rtp.pcapng.out
new file mode 100644
index 000000000..fafa9ec68
--- /dev/null
+++ b/test/results/flow-captured/default/stun_dtls_rtp.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.12.156:37967 -> 142.250.82.76:19305
diff --git a/test/results/flow-captured/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/flow-captured/default/stun_dtls_rtp_unidir.pcapng.out
new file mode 100644
index 000000000..d234da29e
--- /dev/null
+++ b/test/results/flow-captured/default/stun_dtls_rtp_unidir.pcapng.out
@@ -0,0 +1,2 @@
+Flow 1 risky: udp 10.10.0.1:65226 -> 10.1.0.3:57730
+Flow 2 risky: udp 10.1.0.3:5853 -> 10.10.0.1:2808
diff --git a/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out b/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out
index 14abb1393..e69de29bb 100644
--- a/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out
+++ b/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out
@@ -1 +0,0 @@
-Flow 1 risky: udp 26.83.9.81:57567 -> 33.35.223.103:540
diff --git a/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out b/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out
index f72e2de18..e69de29bb 100644
--- a/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out
+++ b/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out
@@ -1 +0,0 @@
-Flow 1 risky: udp 33.35.223.103:540 -> 26.83.9.81:57567
diff --git a/test/results/flow-captured/default/stun_google_meet.pcapng.out b/test/results/flow-captured/default/stun_google_meet.pcapng.out
index 1dd9dd75c..b192b4471 100644
--- a/test/results/flow-captured/default/stun_google_meet.pcapng.out
+++ b/test/results/flow-captured/default/stun_google_meet.pcapng.out
@@ -2,3 +2,4 @@ Flow 3 risky: udp 192.168.12.156:38152 -> 142.250.82.76:19305
Flow 4 risky: udp 192.168.12.156:45400 -> 142.250.82.76:19305
Flow 2 risky: udp 192.168.12.156:45400 -> 74.125.128.127:19302
Flow 1 risky: udp 192.168.12.156:38152 -> 74.125.128.127:19302
+Flow 7 risky: udp 2001:b07:a3d:c112:48a1:1094:1227:281e:45572 -> 2001:4860:4864:6::81:19305
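Review bot: The added Flow 7 line writes the IPv6 endpoint as a bare `address:port` (`2001:b07:a3d:c112:48a1:1094:1227:281e:45572`), so the port can only be split off by counting address groups. With a compressed address such as `ff02::1:3:5355` in the new ip_lists_disable/1kxun.pcap.out baseline, the split is ambiguous. Anything that post-processes these captured-flow lines, for example alert triage or matching on address, can attribute the flow to the wrong endpoint. The code that formats the line is outside this diff, but I would bracket IPv6 endpoints there, e.g. `Flow 7 risky: udp [2001:b07:a3d:c112:48a1:1094:1227:281e]:45572 -> [2001:4860:4864:6::81]:19305`, and regenerate the baselines.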
diff --git a/test/results/flow-captured/default/synscan.pcap.out b/test/results/flow-captured/default/synscan.pcap.out
index 50e4fd039..56be2c304 100644
--- a/test/results/flow-captured/default/synscan.pcap.out
+++ b/test/results/flow-captured/default/synscan.pcap.out
@@ -502,9 +502,7 @@ Flow 1371 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:51103
Flow 1765 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3998
Flow 122 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:14238
Flow 1448 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:51103
-Flow 182 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4000
Flow 1842 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4001
-Flow 233 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4000
Flow 1919 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4001
Flow 1484 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4002
Flow 1565 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4002
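Review bot: This hunk and the later synscan hunks (at -543, -1115, -1222, -1266 and -1786) drop the `not-detected` entries for destination ports 4000, 2002, 6789, 4899, 7000 and 3300 while the neighbouring ports stay. That suggests these probes now receive a protocol label from the port number alone; 4899 is also the port of the radmin3 flows added in this commit. Judging by the trace name these are scan probes, so a label derived only from the port would be a guess and would take scan traffic out of the unclassified set that an analyst reviews. If that is the cause, I would say so in the commit description, e.g. `* synscan.pcap: ports 4000/2002/6789/4899/7000/3300 now classified by port`, and add a `guessing_disable/synscan.pcap.out` baseline to pin that they remain `not-detected` when guessing is off.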
@@ -543,9 +541,7 @@ Flow 263 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:40911
Flow 833 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1999
Flow 316 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:40911
Flow 355 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2001
-Flow 1496 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2002
Flow 388 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2001
-Flow 1553 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2002
Flow 1185 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2003
Flow 1381 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6100
Flow 1271 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2003
@@ -1115,9 +1111,7 @@ Flow 1667 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:636
Flow 299 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:62078
Flow 321 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:62078
Flow 259 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6788
-Flow 1740 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6789
Flow 279 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6788
-Flow 1814 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6789
Flow 497 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:646
Flow 534 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:646
Flow 1499 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6792
@@ -1222,9 +1216,7 @@ Flow 301 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:801
Flow 1037 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8994
Flow 319 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:801
Flow 1118 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8994
-Flow 333 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4899
Flow 692 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4900
-Flow 369 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4899
Flow 755 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4900
Flow 1635 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9000
Flow 209 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:808
@@ -1266,9 +1258,7 @@ Flow 1709 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50003
Flow 1405 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19283
Flow 1794 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50006
Flow 1863 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50006
-Flow 268 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7000
Flow 616 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7001
-Flow 311 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7000
Flow 947 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7002
Flow 681 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7001
Flow 623 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9050
@@ -1786,8 +1776,6 @@ Flow 110 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1247
Flow 568 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1248
Flow 141 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1247
Flow 652 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1248
-Flow 1191 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3300
-Flow 1265 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3300
Flow 505 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3301
Flow 526 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3301
Flow 1698 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7402
diff --git a/test/results/flow-captured/default/telegram.pcap.out b/test/results/flow-captured/default/telegram.pcap.out
index 875f302c4..f26a08e48 100644
--- a/test/results/flow-captured/default/telegram.pcap.out
+++ b/test/results/flow-captured/default/telegram.pcap.out
@@ -2,6 +2,6 @@ Flow 32 risky: udp 192.168.1.77:5812 -> 192.168.1.1:53
Flow 27 risky: udp 192.168.1.77:47127 -> 192.168.1.1:53
Flow 29 risky: udp 192.168.1.43:138 -> 192.168.1.255:138
Flow 44 not-detected: udp 192.168.1.77:28150 -> 87.11.205.195:59772
-Flow 26 risky: udp 192.168.1.77:23174 -> 87.11.205.195:60723
+Flow 26 not-detected: udp 192.168.1.77:23174 -> 87.11.205.195:60723
Flow 33 risky: udp 192.168.1.77:54595 -> 192.168.1.1:53
Flow 25 not-detected: udp 192.168.1.77:23174 -> 192.168.1.52:31480
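Review bot: Flow 26 changes from `risky` to `not-detected`, so the baseline now accepts that the UDP flow to 87.11.205.195:60723 is no longer classified at all, yet the commit description mentions only API changes. A loss of classification that is accepted silently into a regression baseline is hard to tell apart from an intended upstream change later on. I would record it in the description, e.g. `* telegram.pcap: flow 26 risky -> not-detected after the nDPI bump`, and name the upstream change that explains it if it is known.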
diff --git a/test/results/flow-captured/default/tftp.pcap.out b/test/results/flow-captured/default/tftp.pcap.out
index 557a54b8f..86788b75a 100644
--- a/test/results/flow-captured/default/tftp.pcap.out
+++ b/test/results/flow-captured/default/tftp.pcap.out
@@ -1,2 +1,3 @@
Flow 4 risky: udp 192.168.0.10:3445 -> 192.168.0.253:50618
Flow 7 risky: udp 172.28.5.170:62058 -> 172.28.5.91:44618
+Flow 9 risky: udp 192.168.2.200:47649 -> 192.168.2.45:35840
diff --git a/test/results/flow-captured/default/tls_malicious_sha1.pcapng.out b/test/results/flow-captured/default/tls_malicious_sha1.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_malicious_sha1.pcapng.out
diff --git a/test/results/flow-captured/default/uftp_v4_v5.pcap.out b/test/results/flow-captured/default/uftp_v4_v5.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/uftp_v4_v5.pcap.out
diff --git a/test/results/flow-captured/default/umas.pcap.out b/test/results/flow-captured/default/umas.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/umas.pcap.out
diff --git a/test/results/flow-captured/default/webdav.pcap.out b/test/results/flow-captured/default/webdav.pcap.out
new file mode 100644
index 000000000..6c907c396
--- /dev/null
+++ b/test/results/flow-captured/default/webdav.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 10.24.8.189:50652 -> 104.156.149.6:80
diff --git a/test/results/flow-captured/default/yojimbo.pcap.out b/test/results/flow-captured/default/yojimbo.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/yojimbo.pcap.out
diff --git a/test/results/flow-captured/default/zcash.pcap.out b/test/results/flow-captured/default/zcash.pcap.out
deleted file mode 100644
index 16aac9d3a..000000000
--- a/test/results/flow-captured/default/zcash.pcap.out
+++ /dev/null
@@ -1 +0,0 @@
-Flow 1 risky: tcp 192.168.2.92:55190 -> 178.32.196.217:9050
diff --git a/test/results/flow-captured/default/zoom2.pcap.out b/test/results/flow-captured/default/zoom2.pcap.out
index e69de29bb..f00467b39 100644
--- a/test/results/flow-captured/default/zoom2.pcap.out
+++ b/test/results/flow-captured/default/zoom2.pcap.out
@@ -0,0 +1,3 @@
+Flow 2 risky: udp 192.168.1.178:60653 -> 144.195.73.154:8801
+Flow 3 risky: udp 192.168.1.178:58117 -> 144.195.73.154:8801
+Flow 4 risky: udp 192.168.1.178:57953 -> 144.195.73.154:8801
diff --git a/test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out
diff --git a/test/results/flow-captured/dns_process_response_disable/dns.pcap.out b/test/results/flow-captured/dns_process_response_disable/dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/dns_process_response_disable/dns.pcap.out
diff --git a/test/results/flow-captured/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/flow-captured/dns_subclassification_and_process_response_disable/dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/dns_subclassification_and_process_response_disable/dns.pcap.out
diff --git a/test/results/flow-captured/dns_subclassification_disable/dns.pcap.out b/test/results/flow-captured/dns_subclassification_disable/dns.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/dns_subclassification_disable/dns.pcap.out
diff --git a/test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out
deleted file mode 100644
index d6eb995ec..000000000
--- a/test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out
+++ /dev/null
@@ -1,6 +0,0 @@
-Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328
-Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223
-Flow 25 not-detected: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
-Flow 25 midstream: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
-Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502
-Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282
diff --git a/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out
new file mode 100644
index 000000000..7cce13929
--- /dev/null
+++ b/test/results/flow-captured/flow_risk_lists_disable/protonvpn.pcap.out
@@ -0,0 +1 @@
+Flow 2 risky: udp 10.0.2.15:57701 -> 217.23.3.76:443
diff --git a/test/results/flow-captured/guessing_disable/webex.pcap.out b/test/results/flow-captured/guessing_disable/webex.pcap.out
new file mode 100644
index 000000000..1e895a83d
--- /dev/null
+++ b/test/results/flow-captured/guessing_disable/webex.pcap.out
@@ -0,0 +1,18 @@
+Flow 2 risky: tcp 10.8.0.1:41348 -> 64.68.105.103:443
+Flow 9 risky: tcp 10.8.0.1:41358 -> 64.68.105.103:443
+Flow 37 risky: tcp 10.8.0.1:51155 -> 62.109.224.120:443
+Flow 36 risky: tcp 10.8.0.1:51154 -> 62.109.224.120:443
+Flow 52 risky: tcp 10.8.0.1:51857 -> 62.109.229.158:443
+Flow 45 risky: tcp 10.8.0.1:59756 -> 78.46.237.91:80
+Flow 46 risky: tcp 10.8.0.1:59757 -> 78.46.237.91:80
+Flow 33 midstream: tcp 10.133.206.47:33459 -> 80.74.110.68:443
+Flow 56 risky: tcp 10.8.0.1:51194 -> 62.109.224.120:443
+Flow 35 risky: tcp 10.8.0.1:33512 -> 80.74.110.68:443
+Flow 47 risky: tcp 10.8.0.1:33551 -> 80.74.110.68:443
+Flow 48 risky: tcp 10.8.0.1:33553 -> 80.74.110.68:443
+Flow 49 risky: tcp 10.8.0.1:33554 -> 80.74.110.68:443
+Flow 51 risky: tcp 10.8.0.1:33559 -> 80.74.110.68:443
+Flow 1 risky: tcp 10.8.0.1:41346 -> 64.68.105.103:443
+Flow 3 risky: tcp 10.8.0.1:41350 -> 64.68.105.103:443
+Flow 4 risky: tcp 10.8.0.1:41351 -> 64.68.105.103:443
+Flow 7 risky: tcp 10.8.0.1:41354 -> 64.68.105.103:443
diff --git a/test/results/flow-captured/http_process_response_disable/http.pcapng.out b/test/results/flow-captured/http_process_response_disable/http.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/http_process_response_disable/http.pcapng.out
diff --git a/test/results/flow-captured/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/flow-captured/http_process_response_disable/http_asymmetric.pcapng.out
new file mode 100644
index 000000000..e72b81357
--- /dev/null
+++ b/test/results/flow-captured/http_process_response_disable/http_asymmetric.pcapng.out
@@ -0,0 +1,2 @@
+Flow 2 risky: tcp 192.168.1.146:80 -> 192.168.1.103:1044
+Flow 1 risky: tcp 192.168.0.1:1044 -> 10.10.10.1:80
diff --git a/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out b/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out
new file mode 100644
index 000000000..e818177e6
--- /dev/null
+++ b/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out
@@ -0,0 +1,112 @@
+Flow 37 risky: tcp 192.168.115.8:49606 -> 106.185.35.110:80
+Flow 41 risky: tcp 192.168.115.8:49609 -> 42.120.51.152:8080
+Flow 14 risky: udp 192.168.115.8:51024 -> 8.8.8.8:53
+Flow 20 risky: udp 192.168.3.95:58779 -> 224.0.0.252:5355
+Flow 19 risky: udp fe80::e98f:bae2:19f7:6b0f:58779 -> ff02::1:3:5355
+Flow 24 risky: udp 192.168.115.8:52723 -> 168.95.1.1:53
+Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53
+Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138
+Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
+Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
+Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
+Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
+Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947
+Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976
+Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976
+Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355
+Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678
+Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138
+Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
+Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
+Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
+Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
+Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
+Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443
+Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443
+Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443
+Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443
+Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
+Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
+Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
+Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678
+Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678
+Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80
+Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80
+Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678
+Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678
+Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
+Flow 86 not-detected: udp 59.120.208.212:32768 -> 255.255.255.255:1947
+Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80
+Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80
+Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80
+Flow 158 midstream: tcp 192.168.2.126:49372 -> 14.136.136.108:80
+Flow 150 midstream: tcp 192.168.2.126:45416 -> 161.117.13.29:80
+Flow 147 midstream: tcp 192.168.2.126:45388 -> 161.117.13.29:80
+Flow 148 midstream: tcp 192.168.2.126:45398 -> 161.117.13.29:80
+Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80
+Flow 178 risky: tcp 192.168.2.126:56826 -> 8.209.97.107:80
+Flow 178 midstream: tcp 192.168.2.126:56826 -> 8.209.97.107:80
+Flow 149 midstream: tcp 192.168.2.126:45414 -> 161.117.13.29:80
+Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80
+Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80
+Flow 192 midstream: tcp 192.168.2.126:54810 -> 18.233.123.55:80
+Flow 184 midstream: tcp 192.168.2.126:36636 -> 18.64.103.30:80
+Flow 185 midstream: tcp 192.168.2.126:36640 -> 18.64.103.30:80
+Flow 186 midstream: tcp 192.168.2.126:36654 -> 18.64.103.30:80
+Flow 180 midstream: tcp 192.168.2.126:58758 -> 202.153.196.53:80
+Flow 181 midstream: tcp 192.168.2.126:58760 -> 202.153.196.53:80
+Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80
+Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80
+Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80
+Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80
+Flow 155 midstream: tcp 192.168.2.126:38354 -> 142.250.186.34:80
+Flow 157 midstream: tcp 192.168.2.126:49354 -> 14.136.136.108:80
+Flow 159 midstream: tcp 192.168.2.126:49370 -> 14.136.136.108:80
+Flow 162 midstream: tcp 192.168.2.126:49396 -> 14.136.136.108:80
+Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80
+Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80
+Flow 161 midstream: tcp 192.168.2.126:49412 -> 14.136.136.108:80
+Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80
+Flow 164 midstream: tcp 192.168.2.126:50140 -> 161.117.13.29:80
+Flow 165 midstream: tcp 192.168.2.126:50148 -> 161.117.13.29:80
+Flow 166 midstream: tcp 192.168.2.126:50164 -> 161.117.13.29:80
+Flow 167 midstream: tcp 192.168.2.126:50166 -> 161.117.13.29:80
+Flow 168 midstream: tcp 192.168.2.126:50176 -> 161.117.13.29:80
+Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80
+Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80
+Flow 156 midstream: tcp 192.168.2.126:36732 -> 142.250.186.174:80
+Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80
+Flow 189 midstream: tcp 192.168.2.126:42554 -> 35.156.44.13:80
+Flow 190 risky: tcp 192.168.2.126:42566 -> 35.156.44.13:80
+Flow 190 midstream: tcp 192.168.2.126:42566 -> 35.156.44.13:80
+Flow 195 midstream: tcp 192.168.2.126:33042 -> 3.122.190.70:80
+Flow 173 midstream: tcp 192.168.2.126:56094 -> 3.72.69.158:80
+Flow 175 midstream: tcp 192.168.2.126:56096 -> 3.72.69.158:80
+Flow 174 midstream: tcp 192.168.2.126:56098 -> 3.72.69.158:80
+Flow 176 midstream: tcp 192.168.2.126:56104 -> 3.72.69.158:80
+Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80
+Flow 130 risky: tcp 192.168.2.126:60962 -> 172.104.93.92:1234
+Flow 130 midstream: tcp 192.168.2.126:60962 -> 172.104.93.92:1234
+Flow 131 risky: tcp 192.168.2.126:60972 -> 172.104.93.92:1234
+Flow 131 midstream: tcp 192.168.2.126:60972 -> 172.104.93.92:1234
+Flow 132 risky: tcp 192.168.2.126:60984 -> 172.104.93.92:1234
+Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234
+Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80
+Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80
+Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80
+Flow 139 midstream: tcp 192.168.2.126:60148 -> 172.105.121.82:80
+Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80
+Flow 138 risky: tcp 192.168.2.126:38834 -> 119.45.78.184:80
+Flow 138 midstream: tcp 192.168.2.126:38834 -> 119.45.78.184:80
+Flow 182 midstream: tcp 192.168.2.126:35664 -> 18.66.2.90:80
+Flow 141 midstream: tcp 192.168.2.126:46184 -> 172.105.121.82:80
+Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80
+Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80
+Flow 188 risky: tcp 192.168.2.126:37100 -> 52.29.177.177:80
+Flow 188 midstream: tcp 192.168.2.126:37100 -> 52.29.177.177:80
+Flow 143 midstream: tcp 192.168.2.126:46200 -> 172.105.121.82:80
+Flow 135 midstream: tcp 192.168.2.126:47246 -> 161.117.13.29:80
+Flow 144 midstream: tcp 192.168.2.126:46212 -> 172.105.121.82:80
+Flow 136 midstream: tcp 192.168.2.126:47262 -> 161.117.13.29:80
+Flow 137 midstream: tcp 192.168.2.126:47272 -> 161.117.13.29:80
+Flow 145 midstream: tcp 192.168.2.126:35200 -> 103.29.71.30:80
diff --git a/test/results/flow-captured/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/flow-captured/packets_limit_per_flow/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/packets_limit_per_flow/tls_verylong_certificate.pcap.out