author | Toni Uhlig <matzeton@googlemail.com> | 2025-01-25 09:14:02 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2025-01-25 10:07:25 +0100 |
commit | 471ea834933dd089b49777d595cef9f612bdb709 (patch) | |
tree | 85a8600d268ede6bc705a3ba1aec109cc959f5b9 /test/results/flow-captured | |
parent | 064bd3aefa7a4f98b4c3c079e03df37c1b0b5125 (diff) |
bump libnDPI to e946f49aca13e4447a7d7b2acae6323a4531fb55
* incorporated upstream changes
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-captured')
42 files changed, 145 insertions, 75 deletions
diff --git a/test/results/flow-captured/default/1kxun.pcap.out b/test/results/flow-captured/default/1kxun.pcap.out index fb82f703b..1011c0682 100644 --- a/test/results/flow-captured/default/1kxun.pcap.out +++ b/test/results/flow-captured/default/1kxun.pcap.out 
@@ -8,26 +8,19 @@ Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 -Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 -Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976 -Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678 -Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678 Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976 Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976 Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976 Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976 Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976 -Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947 Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947 -Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 -Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 
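Review bot: The refreshed baseline drops `risky` entries, but the commit message ("incorporated upstream changes") does not say which libnDPI change is responsible. In this hunk the two UDP/138 broadcast flows (Flow 35, Flow 70) lose `risky`, and the same removal recurs in the netbios, tor, wechat, telegram, gnutella and fuzz-2006-06-26-2594 outputs; several port-80 flows also lose `risky` in the alexa-app, waze and android outputs. portable_executable.pcap.out becomes empty, so its flow to port 4444 is no longer captured as `not-detected`; presumably it is now classified, but this diff cannot show whether it still carries a risk flag. These files are the regression reference for what gets flagged, so I would record the cause in the commit body, e.g. `* flow-risk baseline: <upstream nDPI commit> no longer sets <risk name> for UDP/138 and the listed port-80 flows`. That lets a later unintended loss of detection be told apart from an intended one.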
@@ -46,7 +39,6 @@ Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 -Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 @@ -57,7 +49,6 @@ Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 -Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80 Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 @@ -78,7 +69,6 @@ Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 -Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80 Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 diff --git a/test/results/flow-captured/default/alexa-app.pcapng.out b/test/results/flow-captured/default/alexa-app.pcapng.out index 621110793..24f2878f7 100644 --- a/test/results/flow-captured/default/alexa-app.pcapng.out +++ b/test/results/flow-captured/default/alexa-app.pcapng.out 
@@ -1,7 +1,4 @@ Flow 14 risky: icmp 172.16.42.1 -> 172.16.42.216 -Flow 120 risky: tcp 172.16.42.216:51986 -> 52.84.63.56:80 -Flow 129 risky: tcp 172.16.42.216:51995 -> 52.84.63.56:80 -Flow 126 risky: tcp 172.16.42.216:51992 -> 52.84.63.56:80 Flow 28 risky: tcp 172.16.42.216:45661 -> 52.94.232.134:443 Flow 45 risky: tcp 172.16.42.216:49589 -> 52.94.232.134:80 Flow 105 risky: tcp 172.16.42.216:40854 -> 54.239.29.253:443 @@ -12,15 +9,6 @@ Flow 87 risky: tcp 172.16.42.216:45710 -> 52.94.232.134:443 Flow 88 risky: tcp 172.16.42.216:45711 -> 52.94.232.134:443 Flow 89 risky: tcp 172.16.42.216:45712 -> 52.94.232.134:443 Flow 65 risky: tcp 172.16.42.216:41691 -> 54.239.29.146:443 -Flow 119 risky: tcp 172.16.42.216:51985 -> 52.84.63.56:80 -Flow 121 risky: tcp 172.16.42.216:51987 -> 52.84.63.56:80 -Flow 122 risky: tcp 172.16.42.216:51988 -> 52.84.63.56:80 -Flow 123 risky: tcp 172.16.42.216:51989 -> 52.84.63.56:80 -Flow 124 risky: tcp 172.16.42.216:51990 -> 52.84.63.56:80 -Flow 127 risky: tcp 172.16.42.216:51993 -> 52.84.63.56:80 -Flow 128 risky: tcp 172.16.42.216:51994 -> 52.84.63.56:80 -Flow 130 risky: tcp 172.16.42.216:51996 -> 52.84.63.56:80 -Flow 131 risky: tcp 172.16.42.216:51997 -> 52.84.63.56:80 Flow 93 risky: tcp 172.16.42.216:49630 -> 52.94.232.134:80 Flow 16 risky: tcp 172.16.42.216:55242 -> 52.85.209.197:443 Flow 142 risky: tcp 172.16.42.216:50799 -> 54.239.28.178:443 diff --git a/test/results/flow-captured/default/android.pcap.out b/test/results/flow-captured/default/android.pcap.out index ea5892663..c16a35e24 100644 --- a/test/results/flow-captured/default/android.pcap.out +++ b/test/results/flow-captured/default/android.pcap.out 
@@ -3,5 +3,3 @@ Flow 3 midstream: tcp 17.248.176.75:443 -> 192.168.2.17:50580 Flow 2 risky: tcp 17.248.176.75:443 -> 192.168.2.17:50584 Flow 2 midstream: tcp 17.248.176.75:443 -> 192.168.2.17:50584 Flow 5 midstream: tcp 17.248.185.10:443 -> 192.168.2.17:50702 -Flow 39 risky: tcp 192.168.2.16:36834 -> 173.194.79.114:80 -Flow 52 risky: tcp 192.168.2.16:36848 -> 173.194.79.114:80 diff --git a/test/results/flow-captured/default/bt-http.pcapng.out b/test/results/flow-captured/default/bt-http.pcapng.out index 8fa10a571..e69de29bb 100644 --- a/test/results/flow-captured/default/bt-http.pcapng.out +++ b/test/results/flow-captured/default/bt-http.pcapng.out @@ -1 +0,0 @@ -Flow 1 risky: tcp 192.168.1.128:46882 -> 176.31.225.118:80 diff --git a/test/results/flow-captured/default/dicom.pcap.out b/test/results/flow-captured/default/dicom.pcap.out new file mode 100644 index 000000000..b1bf64e94 --- /dev/null +++ b/test/results/flow-captured/default/dicom.pcap.out @@ -0,0 +1,4 @@ +Flow 1 midstream: tcp 127.0.0.1:49531 -> 127.0.0.1:104 +Flow 2 midstream: tcp 127.0.0.1:49541 -> 127.0.0.1:104 +Flow 3 midstream: tcp 127.0.0.1:52180 -> 127.0.0.1:104 +Flow 4 midstream: tcp 127.0.0.1:52228 -> 127.0.0.1:104 diff --git a/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out b/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out index 773774dce..e69de29bb 100644 --- a/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out @@ -1 +0,0 @@ -Flow 4 risky: udp 192.168.239.129:138 -> 192.168.239.255:138 diff --git a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out index b9ee99ef8..8267609cc 100644 --- a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out 
@@ -16,7 +16,6 @@ Flow 82 not-detected: udp 192.168.1.170:43690 -> 170.170.170.170:43690 Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763 Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53 Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765 -Flow 141 risky: udp 192.168.1.2:138 -> 192.168.1.255:138 Flow 124 not-detected: udp 192.168.1.2:43690 -> 170.170.170.170:43690 Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53 Flow 58 not-detected: 120 192.168.1.2 -> 212.242.33.35 @@ -27,7 +26,6 @@ Flow 162 not-detected: udp 212.242.33.35:9587 -> 192.168.1.2:196 Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1 Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690 Flow 107 not-detected: 118 192.168.1.2 -> 200.68.120.81 -Flow 180 risky: udp 192.168.1.41:138 -> 192.168.1.255:138 Flow 190 risky: udp 192.168.1.2:2793 -> 192.168.1.1:53 Flow 193 risky: udp 192.168.1.2:2794 -> 192.168.1.1:53 Flow 192 risky: udp 192.168.1.2:2795 -> 192.168.1.1:53 diff --git a/test/results/flow-captured/default/gnutella.pcap.out b/test/results/flow-captured/default/gnutella.pcap.out index 09fb39805..01a597a95 100644 --- a/test/results/flow-captured/default/gnutella.pcap.out +++ b/test/results/flow-captured/default/gnutella.pcap.out @@ -1,4 +1,3 @@ -Flow 20 risky: udp 10.0.2.15:138 -> 10.0.2.255:138 Flow 239 risky: tcp 10.0.2.15:50285 -> 75.133.101.93:52367 Flow 238 risky: tcp 10.0.2.15:50284 -> 104.156.226.72:53258 Flow 288 risky: tcp 10.0.2.15:50312 -> 104.238.172.250:23548 
@@ -614,7 +613,6 @@ Flow 639 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7849 Flow 302 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:53489 Flow 734 not-detected: udp 10.0.2.15:28681 -> 113.252.91.201:4297 Flow 684 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:54436 -Flow 760 risky: udp 10.0.2.15:138 -> 10.0.2.255:138 Flow 764 risky: udp 10.0.2.15:28681 -> 208.92.106.151:32476 Flow 763 risky: udp 10.0.2.15:28681 -> 85.170.209.214:46210 Flow 761 risky: udp 10.0.2.15:28681 -> 195.132.75.56:56009 diff --git a/test/results/flow-captured/default/hl7.pcap.out b/test/results/flow-captured/default/hl7.pcap.out index a656e9571..058b0c898 100644 --- a/test/results/flow-captured/default/hl7.pcap.out +++ b/test/results/flow-captured/default/hl7.pcap.out @@ -1 +1,3 @@ Flow 1 risky: tcp 10.0.0.155:49242 -> 10.0.0.126:6661 +Flow 2 risky: tcp 10.0.0.155:49250 -> 10.0.0.126:6661 +Flow 3 risky: tcp 10.0.0.155:49252 -> 10.0.0.126:6661 diff --git a/test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/flow-captured/default/mikrotik_mndp.pcap.out index e69de29bb..e69de29bb 100644 --- a/test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out +++ b/test/results/flow-captured/default/mikrotik_mndp.pcap.out diff --git a/test/results/flow-captured/default/netbios.pcap.out b/test/results/flow-captured/default/netbios.pcap.out index 63bf50e5d..e0c816db4 100644 --- a/test/results/flow-captured/default/netbios.pcap.out +++ b/test/results/flow-captured/default/netbios.pcap.out @@ -1,3 +1 @@ -Flow 3 risky: udp 10.0.5.9:138 -> 10.0.5.255:138 -Flow 12 risky: udp 10.0.5.93:138 -> 10.0.5.255:138 Flow 16 midstream: tcp 10.19.71.184:55489 -> 10.17.113.129:139 diff --git a/test/results/flow-captured/default/no_sni.pcap.out b/test/results/flow-captured/default/no_sni.pcap.out index e69de29bb..f3c495f85 100644 --- a/test/results/flow-captured/default/no_sni.pcap.out +++ b/test/results/flow-captured/default/no_sni.pcap.out 
@@ -0,0 +1,2 @@ +Flow 3 risky: tcp 192.168.1.119:51612 -> 104.16.124.96:443 +Flow 6 risky: tcp 192.168.1.119:51637 -> 104.22.72.170:443 diff --git a/test/results/flow-captured/default/portable_executable.pcap.out b/test/results/flow-captured/default/portable_executable.pcap.out index 53f91eaea..e69de29bb 100644 --- a/test/results/flow-captured/default/portable_executable.pcap.out +++ b/test/results/flow-captured/default/portable_executable.pcap.out @@ -1 +0,0 @@ -Flow 1 not-detected: tcp 172.16.99.201:1732 -> 64.227.107.71:4444 diff --git a/test/results/flow-captured/default/quickplay.pcap.out b/test/results/flow-captured/default/quickplay.pcap.out index ed22501d6..ed14e2db3 100644 --- a/test/results/flow-captured/default/quickplay.pcap.out +++ b/test/results/flow-captured/default/quickplay.pcap.out @@ -10,7 +10,6 @@ Flow 12 risky: tcp 10.54.169.250:42761 -> 203.205.129.101:80 Flow 12 midstream: tcp 10.54.169.250:42761 -> 203.205.129.101:80 Flow 14 risky: tcp 10.54.169.250:42762 -> 203.205.129.101:80 Flow 14 midstream: tcp 10.54.169.250:42762 -> 203.205.129.101:80 -Flow 16 risky: tcp 10.54.169.250:56381 -> 54.179.140.65:80 Flow 16 midstream: tcp 10.54.169.250:56381 -> 54.179.140.65:80 Flow 6 midstream: tcp 10.54.169.250:33277 -> 120.28.26.231:80 Flow 7 midstream: tcp 10.54.169.250:44793 -> 31.13.68.49:80 diff --git a/test/results/flow-captured/default/signal_audiocall.pcapng.out b/test/results/flow-captured/default/signal_audiocall.pcapng.out new file mode 100644 index 000000000..17543eb8e --- /dev/null +++ b/test/results/flow-captured/default/signal_audiocall.pcapng.out @@ -0,0 +1,3 @@ +Flow 2 risky: udp 192.168.12.67:45419 -> 35.219.252.146:3478 +Flow 4 risky: udp 192.168.12.67:45419 -> 35.219.226.11:54116 +Flow 3 risky: udp 192.168.12.67:45419 -> 35.219.226.11:12261 diff --git a/test/results/flow-captured/default/signal_multiparty.pcapng.out b/test/results/flow-captured/default/signal_multiparty.pcapng.out new file mode 100644 index 000000000..9ca99edeb 
--- /dev/null +++ b/test/results/flow-captured/default/signal_multiparty.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.12.67:38303 -> 35.207.138.135:10000 diff --git a/test/results/flow-captured/default/signal_videocall.pcapng.out b/test/results/flow-captured/default/signal_videocall.pcapng.out new file mode 100644 index 000000000..c643b0130 --- /dev/null +++ b/test/results/flow-captured/default/signal_videocall.pcapng.out @@ -0,0 +1,3 @@ +Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377 +Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478 +Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478 diff --git a/test/results/flow-captured/default/signal_videocall_multiparty.pcapng.out b/test/results/flow-captured/default/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..1725163c4 --- /dev/null +++ b/test/results/flow-captured/default/signal_videocall_multiparty.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.1.117:59446 -> 35.207.67.68:10000 diff --git a/test/results/flow-captured/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-captured/default/stun_signal_tcp.pcapng.out index e69de29bb..e69de29bb 100644 --- a/test/results/flow-captured/tls_ja3c_disabled/tls_verylong_certificate.pcap.out +++ b/test/results/flow-captured/default/stun_signal_tcp.pcapng.out diff --git a/test/results/flow-captured/default/telegram.pcap.out b/test/results/flow-captured/default/telegram.pcap.out index aa219ed8e..2f9d98bae 100644 --- a/test/results/flow-captured/default/telegram.pcap.out +++ b/test/results/flow-captured/default/telegram.pcap.out 
@@ -2,6 +2,5 @@ Flow 25 not-detected: udp 192.168.1.77:23174 -> 192.168.1.52:31480 Flow 27 risky: udp 192.168.1.77:47127 -> 192.168.1.1:53 Flow 44 not-detected: udp 192.168.1.77:28150 -> 87.11.205.195:59772 Flow 33 risky: udp 192.168.1.77:54595 -> 192.168.1.1:53 -Flow 29 risky: udp 192.168.1.43:138 -> 192.168.1.255:138 Flow 32 risky: udp 192.168.1.77:5812 -> 192.168.1.1:53 Flow 26 not-detected: udp 192.168.1.77:23174 -> 87.11.205.195:60723 diff --git a/test/results/flow-captured/default/telegram_videocall_2.pcapng.out b/test/results/flow-captured/default/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..da379116e --- /dev/null +++ b/test/results/flow-captured/default/telegram_videocall_2.pcapng.out @@ -0,0 +1 @@ +Flow 3 risky: udp 192.168.12.67:39968 -> 91.108.9.106:1400 diff --git a/test/results/flow-captured/default/telegram_voice.pcapng.out b/test/results/flow-captured/default/telegram_voice.pcapng.out new file mode 100644 index 000000000..1848a9f25 --- /dev/null +++ b/test/results/flow-captured/default/telegram_voice.pcapng.out @@ -0,0 +1,4 @@ +Flow 6 risky: udp 192.168.12.67:42567 -> 91.108.9.34:1400 +Flow 10 risky: icmp 192.168.12.67 -> 91.108.9.34 +Flow 4 risky: udp 192.168.12.67:44405 -> 91.108.17.41:1400 +Flow 5 risky: udp 192.168.12.67:46013 -> 91.108.13.52:1400 diff --git a/test/results/flow-captured/default/tor.pcap.out b/test/results/flow-captured/default/tor.pcap.out index c48d3f0d5..0c40044b1 100644 --- a/test/results/flow-captured/default/tor.pcap.out +++ b/test/results/flow-captured/default/tor.pcap.out @@ -1,4 +1,3 @@ -Flow 5 risky: udp 192.168.1.252:138 -> 192.168.1.255:138 Flow 1 risky: tcp 192.168.1.252:51110 -> 91.143.93.242:443 Flow 2 risky: tcp 192.168.1.252:51111 -> 46.59.52.31:443 Flow 8 risky: tcp 192.168.1.252:51175 -> 91.143.93.242:443 diff --git a/test/results/flow-captured/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-captured/default/vivox.pcapng.out index e69de29bb..e69de29bb 100644 
--- a/test/results/flow-captured/tls_ja3s_disabled/tls_verylong_certificate.pcap.out +++ b/test/results/flow-captured/default/vivox.pcapng.out diff --git a/test/results/flow-captured/default/waze.pcap.out b/test/results/flow-captured/default/waze.pcap.out index 26464d3f1..101795ded 100644 --- a/test/results/flow-captured/default/waze.pcap.out +++ b/test/results/flow-captured/default/waze.pcap.out @@ -1,11 +1,4 @@ Flow 3 risky: tcp 10.8.0.1:54915 -> 65.39.128.135:80 -Flow 4 risky: tcp 10.8.0.1:45529 -> 54.230.227.172:80 -Flow 8 risky: tcp 10.8.0.1:45536 -> 54.230.227.172:80 -Flow 9 risky: tcp 10.8.0.1:45538 -> 54.230.227.172:80 -Flow 10 risky: tcp 10.8.0.1:45540 -> 54.230.227.172:80 -Flow 15 risky: tcp 10.8.0.1:45546 -> 54.230.227.172:80 -Flow 16 risky: tcp 10.8.0.1:45552 -> 54.230.227.172:80 -Flow 17 risky: tcp 10.8.0.1:45554 -> 54.230.227.172:80 Flow 18 risky: tcp 10.8.0.1:39021 -> 52.17.114.219:443 Flow 19 risky: tcp 10.8.0.1:36312 -> 176.34.186.180:443 Flow 5 risky: tcp 10.8.0.1:36100 -> 46.51.173.182:443 diff --git a/test/results/flow-captured/default/websocket-chisel-ssh.pcap.out b/test/results/flow-captured/default/websocket-chisel-ssh.pcap.out new file mode 100644 index 000000000..fe419b0b1 --- /dev/null +++ b/test/results/flow-captured/default/websocket-chisel-ssh.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 172.18.82.242:41986 -> 172.18.82.243:80 diff --git a/test/results/flow-captured/default/wechat.pcap.out b/test/results/flow-captured/default/wechat.pcap.out index 5206eefbc..d271fe0bf 100644 --- a/test/results/flow-captured/default/wechat.pcap.out +++ b/test/results/flow-captured/default/wechat.pcap.out @@ -1,4 +1,2 @@ Flow 13 midstream: tcp 203.205.151.162:443 -> 192.168.1.103:54058 Flow 25 midstream: tcp 192.168.1.103:40740 -> 203.205.151.211:443 -Flow 49 risky: udp 192.168.1.100:138 -> 192.168.1.255:138 -Flow 104 risky: udp 192.168.1.100:138 -> 192.168.1.255:138 
diff --git a/test/results/flow-captured/disable_metadata/sip.pcap.out b/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out index 1090142cf..1090142cf 100644 --- a/test/results/flow-captured/disable_metadata/sip.pcap.out +++ b/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out diff --git a/test/results/flow-captured/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out index e69de29bb..e69de29bb 100644 --- a/test/results/flow-captured/tls_ja4c_disabled/tls_verylong_certificate.pcap.out +++ b/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out diff --git a/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out b/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out index fb82f703b..1011c0682 100644 --- a/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out +++ b/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out 
@@ -8,26 +8,19 @@ Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 -Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 -Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976 -Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678 -Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678 Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976 Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976 Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976 Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976 Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976 -Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947 Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947 -Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 -Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 
@@ -46,7 +39,6 @@ Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 -Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 @@ -57,7 +49,6 @@ Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 -Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80 Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 @@ -78,7 +69,6 @@ Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 -Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80 Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 diff --git a/test/results/flow-captured/fpc/1kxun.pcap.out b/test/results/flow-captured/fpc/1kxun.pcap.out new file mode 100644 index 000000000..1011c0682 --- /dev/null +++ b/test/results/flow-captured/fpc/1kxun.pcap.out 
@@ -0,0 +1,101 @@ +Flow 37 risky: tcp 192.168.115.8:49606 -> 106.185.35.110:80 +Flow 41 risky: tcp 192.168.115.8:49609 -> 42.120.51.152:8080 +Flow 19 risky: udp fe80::e98f:bae2:19f7:6b0f:58779 -> ff02::1:3:5355 +Flow 20 risky: udp 192.168.3.95:58779 -> 224.0.0.252:5355 +Flow 24 risky: udp 192.168.115.8:52723 -> 168.95.1.1:53 +Flow 14 risky: udp 192.168.115.8:51024 -> 8.8.8.8:53 +Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 +Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 +Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 +Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 +Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 +Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 +Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 +Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976 +Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976 +Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976 +Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976 +Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976 +Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976 +Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 +Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947 +Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947 +Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 +Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 +Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 +Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 +Flow 86 not-detected: udp 59.120.208.212:32768 -> 255.255.255.255:1947 +Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80 +Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80 +Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80 +Flow 158 
midstream: tcp 192.168.2.126:49372 -> 14.136.136.108:80 +Flow 150 midstream: tcp 192.168.2.126:45416 -> 161.117.13.29:80 +Flow 130 risky: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 130 midstream: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 131 risky: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 131 midstream: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 132 risky: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 +Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 +Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 +Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 +Flow 195 midstream: tcp 192.168.2.126:33042 -> 3.122.190.70:80 +Flow 180 midstream: tcp 192.168.2.126:58758 -> 202.153.196.53:80 +Flow 181 midstream: tcp 192.168.2.126:58760 -> 202.153.196.53:80 +Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 +Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 +Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 +Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 +Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 +Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 +Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 +Flow 156 midstream: tcp 192.168.2.126:36732 -> 142.250.186.174:80 +Flow 155 midstream: tcp 192.168.2.126:38354 -> 142.250.186.34:80 +Flow 141 midstream: tcp 192.168.2.126:46184 -> 172.105.121.82:80 +Flow 143 midstream: tcp 192.168.2.126:46200 -> 172.105.121.82:80 +Flow 144 midstream: tcp 192.168.2.126:46212 -> 172.105.121.82:80 +Flow 173 midstream: tcp 192.168.2.126:56094 -> 3.72.69.158:80 +Flow 175 midstream: tcp 192.168.2.126:56096 -> 
3.72.69.158:80 +Flow 174 midstream: tcp 192.168.2.126:56098 -> 3.72.69.158:80 +Flow 176 midstream: tcp 192.168.2.126:56104 -> 3.72.69.158:80 +Flow 145 midstream: tcp 192.168.2.126:35200 -> 103.29.71.30:80 +Flow 147 midstream: tcp 192.168.2.126:45388 -> 161.117.13.29:80 +Flow 148 midstream: tcp 192.168.2.126:45398 -> 161.117.13.29:80 +Flow 149 midstream: tcp 192.168.2.126:45414 -> 161.117.13.29:80 +Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 +Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 +Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 +Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 188 risky: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 188 midstream: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 135 midstream: tcp 192.168.2.126:47246 -> 161.117.13.29:80 +Flow 136 midstream: tcp 192.168.2.126:47262 -> 161.117.13.29:80 +Flow 137 midstream: tcp 192.168.2.126:47272 -> 161.117.13.29:80 +Flow 178 risky: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 178 midstream: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 164 midstream: tcp 192.168.2.126:50140 -> 161.117.13.29:80 +Flow 165 midstream: tcp 192.168.2.126:50148 -> 161.117.13.29:80 +Flow 166 midstream: tcp 192.168.2.126:50164 -> 161.117.13.29:80 +Flow 167 midstream: tcp 192.168.2.126:50166 -> 161.117.13.29:80 +Flow 168 midstream: tcp 192.168.2.126:50176 -> 161.117.13.29:80 +Flow 192 midstream: tcp 192.168.2.126:54810 -> 18.233.123.55:80 +Flow 189 midstream: tcp 192.168.2.126:42554 -> 35.156.44.13:80 +Flow 190 risky: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 190 midstream: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 138 risky: tcp 192.168.2.126:38834 -> 119.45.78.184:80 +Flow 138 midstream: tcp 192.168.2.126:38834 -> 119.45.78.184:80 
+Flow 157 midstream: tcp 192.168.2.126:49354 -> 14.136.136.108:80 +Flow 159 midstream: tcp 192.168.2.126:49370 -> 14.136.136.108:80 +Flow 162 midstream: tcp 192.168.2.126:49396 -> 14.136.136.108:80 +Flow 161 midstream: tcp 192.168.2.126:49412 -> 14.136.136.108:80 +Flow 182 midstream: tcp 192.168.2.126:35664 -> 18.66.2.90:80 +Flow 184 midstream: tcp 192.168.2.126:36636 -> 18.64.103.30:80 +Flow 185 midstream: tcp 192.168.2.126:36640 -> 18.64.103.30:80 +Flow 186 midstream: tcp 192.168.2.126:36654 -> 18.64.103.30:80 +Flow 139 midstream: tcp 192.168.2.126:60148 -> 172.105.121.82:80 diff --git a/test/results/flow-captured/fpc/signal_videocall.pcapng.out b/test/results/flow-captured/fpc/signal_videocall.pcapng.out new file mode 100644 index 000000000..c643b0130 --- /dev/null +++ b/test/results/flow-captured/fpc/signal_videocall.pcapng.out @@ -0,0 +1,3 @@ +Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377 +Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478 +Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478 diff --git a/test/results/flow-captured/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/flow-captured/guess_ip_before_port_enabled/1kxun.pcap.out index fb82f703b..1011c0682 100644 --- a/test/results/flow-captured/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/flow-captured/guess_ip_before_port_enabled/1kxun.pcap.out 
@@ -8,26 +8,19 @@ Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 -Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 -Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976 -Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678 -Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678 Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976 Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976 Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976 Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976 Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976 -Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947 Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947 -Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 -Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 
@@ -46,7 +39,6 @@ Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234
 Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80
-Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80
 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80
 Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80
 Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80
@@ -57,7 +49,6 @@ Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80
 Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80
 Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80
 Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80
-Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80
 Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80
 Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80
 Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80
@@ -78,7 +69,6 @@ Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80
 Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80
 Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80
 Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80
-Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80
 Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80
 Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80
 Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80
diff --git a/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out b/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out
index fb82f703b..1011c0682 100644
--- a/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out
+++ b/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out
@@ -8,26 +8,19 @@ Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53
 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
-Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138
 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
-Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678
 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
 Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
-Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678
-Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678
 Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976
 Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976
 Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
 Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
 Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
-Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678
 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
 Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947
 Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
-Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138
 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
-Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678
 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80
 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80
 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355
@@ -46,7 +39,6 @@ Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234
 Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80
-Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80
 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80
 Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80
 Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80
@@ -57,7 +49,6 @@ Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80
 Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80
 Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80
 Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80
-Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80
 Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80
 Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80
 Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80
@@ -78,7 +69,6 @@ Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80
 Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80
 Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80
 Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80
-Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80
 Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80
 Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80
 Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80
diff --git a/test/results/flow-captured/monitoring/signal_audiocall.pcapng.out b/test/results/flow-captured/monitoring/signal_audiocall.pcapng.out
new file mode 100644
index 000000000..17543eb8e
--- /dev/null
+++ b/test/results/flow-captured/monitoring/signal_audiocall.pcapng.out
@@ -0,0 +1,3 @@
+Flow 2 risky: udp 192.168.12.67:45419 -> 35.219.252.146:3478
+Flow 4 risky: udp 192.168.12.67:45419 -> 35.219.226.11:54116
+Flow 3 risky: udp 192.168.12.67:45419 -> 35.219.226.11:12261
diff --git a/test/results/flow-captured/monitoring/signal_videocall.pcapng.out b/test/results/flow-captured/monitoring/signal_videocall.pcapng.out
new file mode 100644
index 000000000..c643b0130
--- /dev/null
+++ b/test/results/flow-captured/monitoring/signal_videocall.pcapng.out
@@ -0,0 +1,3 @@
+Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377
+Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478
+Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478
diff --git a/test/results/flow-captured/monitoring/signal_videocall_multiparty.pcapng.out b/test/results/flow-captured/monitoring/signal_videocall_multiparty.pcapng.out
new file mode 100644
index 000000000..1725163c4
--- /dev/null
+++ b/test/results/flow-captured/monitoring/signal_videocall_multiparty.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.1.117:59446 -> 35.207.67.68:10000
diff --git a/test/results/flow-captured/monitoring/telegram_videocall_2.pcapng.out b/test/results/flow-captured/monitoring/telegram_videocall_2.pcapng.out
new file mode 100644
index 000000000..da379116e
--- /dev/null
+++ b/test/results/flow-captured/monitoring/telegram_videocall_2.pcapng.out
@@ -0,0 +1 @@
+Flow 3 risky: udp 192.168.12.67:39968 -> 91.108.9.106:1400
diff --git a/test/results/flow-captured/monitoring/telegram_voice.pcapng.out b/test/results/flow-captured/monitoring/telegram_voice.pcapng.out
new file mode 100644
index 000000000..1848a9f25
--- /dev/null
+++ b/test/results/flow-captured/monitoring/telegram_voice.pcapng.out
@@ -0,0 +1,4 @@
+Flow 6 risky: udp 192.168.12.67:42567 -> 91.108.9.34:1400
+Flow 10 risky: icmp 192.168.12.67 -> 91.108.9.34
+Flow 4 risky: udp 192.168.12.67:44405 -> 91.108.17.41:1400
+Flow 5 risky: udp 192.168.12.67:46013 -> 91.108.13.52:1400
diff --git a/test/results/flow-captured/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/flow-captured/ndpireader_conf_file/openvpn_obfuscated.pcapng.out
new file mode 100644
index 000000000..e8c38bf29
--- /dev/null
+++ b/test/results/flow-captured/ndpireader_conf_file/openvpn_obfuscated.pcapng.out
@@ -0,0 +1,4 @@
+Flow 3 guessed: tcp 107.161.86.131:443 -> 192.168.12.156:48072
+Flow 3 not-detected: tcp 107.161.86.131:443 -> 192.168.12.156:48072
+Flow 1 guessed: tcp 192.168.12.156:37976 -> 185.128.25.99:465
+Flow 1 not-detected: tcp 192.168.12.156:37976 -> 185.128.25.99:465
diff --git a/test/results/flow-captured/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/flow-captured/ndpireader_conf_file/signal_videocall.pcapng.out
new file mode 100644
index 000000000..c643b0130
--- /dev/null
+++ b/test/results/flow-captured/ndpireader_conf_file/signal_videocall.pcapng.out
@@ -0,0 +1,3 @@
+Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377
+Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478
+Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478
diff --git a/test/results/flow-captured/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/flow-captured/ndpireader_conf_file/stun_signal_tcp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/ndpireader_conf_file/stun_signal_tcp.pcapng.out |