Diffstat (limited to 'test/results/flow-captured/default')
47 files changed, 21 insertions, 80 deletions
diff --git a/test/results/flow-captured/default/1kxun.pcap.out b/test/results/flow-captured/default/1kxun.pcap.out
index 1011c0682..9cc58dec9 100644
--- a/test/results/flow-captured/default/1kxun.pcap.out
+++ b/test/results/flow-captured/default/1kxun.pcap.out
@@ -2,12 +2,7 @@ Flow 37 risky: tcp 192.168.115.8:49606 -> 106.185.35.110:80
 Flow 41 risky: tcp 192.168.115.8:49609 -> 42.120.51.152:8080
 Flow 19 risky: udp fe80::e98f:bae2:19f7:6b0f:58779 -> ff02::1:3:5355
 Flow 20 risky: udp 192.168.3.95:58779 -> 224.0.0.252:5355
-Flow 24 risky: udp 192.168.115.8:52723 -> 168.95.1.1:53
-Flow 14 risky: udp 192.168.115.8:51024 -> 8.8.8.8:53
-Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53
-Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
-Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
@@ -36,7 +31,6 @@ Flow 131 risky: tcp 192.168.2.126:60972 -> 172.104.93.92:1234
 Flow 131 midstream: tcp 192.168.2.126:60972 -> 172.104.93.92:1234
 Flow 132 risky: tcp 192.168.2.126:60984 -> 172.104.93.92:1234
 Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234
-Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80
 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80
@@ -77,7 +71,6 @@ Flow 188 midstream: tcp 192.168.2.126:37100 -> 52.29.177.177:80
 Flow 135 midstream: tcp 192.168.2.126:47246 -> 161.117.13.29:80
 Flow 136 midstream: tcp 192.168.2.126:47262 -> 161.117.13.29:80
 Flow 137 midstream: tcp 192.168.2.126:47272 -> 161.117.13.29:80
-Flow 178 risky: tcp 192.168.2.126:56826 -> 8.209.97.107:80
 Flow 178 midstream: tcp 192.168.2.126:56826 -> 8.209.97.107:80
 Flow 164 midstream: tcp 192.168.2.126:50140 -> 161.117.13.29:80
 Flow 165 midstream: tcp 192.168.2.126:50148 -> 161.117.13.29:80
@@ -86,7 +79,6 @@ Flow 167 midstream: tcp 192.168.2.126:50166 -> 161.117.13.29:80
 Flow 168 midstream: tcp 192.168.2.126:50176 -> 161.117.13.29:80
 Flow 192 midstream: tcp 192.168.2.126:54810 -> 18.233.123.55:80
 Flow 189 midstream: tcp 192.168.2.126:42554 -> 35.156.44.13:80
-Flow 190 risky: tcp 192.168.2.126:42566 -> 35.156.44.13:80
 Flow 190 midstream: tcp 192.168.2.126:42566 -> 35.156.44.13:80
 Flow 138 risky: tcp 192.168.2.126:38834 -> 119.45.78.184:80
 Flow 138 midstream: tcp 192.168.2.126:38834 -> 119.45.78.184:80
diff --git a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index e1e60dba9..e69de29bb 100644
--- a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -1 +0,0 @@
-Flow 5 risky: udp 10.35.60.100:15580 -> 10.23.1.52:16756
diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/flow-captured/default/armagetron.pcapng.out
index e69de29bb..e69de29bb 100644
--- a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_3.pcapng.out
+++ b/test/results/flow-captured/default/armagetron.pcapng.out
diff --git a/test/results/flow-captured/default/blizzard.pcap.out b/test/results/flow-captured/default/blizzard.pcap.out
new file mode 100644
index 000000000..95f582ed9
--- /dev/null
+++ b/test/results/flow-captured/default/blizzard.pcap.out
@@ -0,0 +1,6 @@
+Flow 3 risky: tcp 192.168.12.67:42710 -> 137.221.107.220:3724
+Flow 4 risky: udp 192.168.12.67:1120 -> 34.171.17.90:50000
+Flow 5 risky: udp 192.168.12.67:44282 -> 34.22.163.26:7521
+Flow 7 risky: tcp 192.168.1.117:60378 -> 66.40.191.253:3724
+Flow 9 risky: udp 192.168.1.117:58787 -> 137.221.82.101:29503
+Flow 8 risky: udp 192.168.1.117:63711 -> 137.221.72.99:29523
diff --git a/test/results/flow-captured/default/cloudflare-warp.pcap.out b/test/results/flow-captured/default/cloudflare-warp.pcap.out
index e69de29bb..e88427d98 100644
--- a/test/results/flow-captured/default/cloudflare-warp.pcap.out
+++ b/test/results/flow-captured/default/cloudflare-warp.pcap.out
@@ -0,0 +1 @@
+Flow 2 risky: tcp 10.8.0.1:42344 -> 159.138.85.48:5223
diff --git a/test/results/flow-captured/default/dns2.pcap.out b/test/results/flow-captured/default/dns2.pcap.out
index 5152e60d8..e69de29bb 100644
--- a/test/results/flow-captured/default/dns2.pcap.out
+++ b/test/results/flow-captured/default/dns2.pcap.out
@@ -1 +0,0 @@
-Flow 1 risky: udp 192.168.255.251:56550 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/default/dns_retransmissions.pcap.out b/test/results/flow-captured/default/dns_retransmissions.pcap.out
index 04da7d3ce..e69de29bb 100644
--- a/test/results/flow-captured/default/dns_retransmissions.pcap.out
+++ b/test/results/flow-captured/default/dns_retransmissions.pcap.out
@@ -1 +0,0 @@
-Flow 1 risky: udp 37.41.101.140:11892 -> 208.67.222.222:53
diff --git a/test/results/flow-captured/default/dropbox.pcap.out b/test/results/flow-captured/default/dropbox.pcap.out
index d41e5af18..e69de29bb 100644
--- a/test/results/flow-captured/default/dropbox.pcap.out
+++ b/test/results/flow-captured/default/dropbox.pcap.out
@@ -1,5 +0,0 @@
-Flow 6 risky: udp 192.168.1.105:49112 -> 192.168.1.254:53
-Flow 7 risky: udp 192.168.1.105:50789 -> 192.168.1.254:53
-Flow 5 risky: udp 192.168.1.105:55407 -> 192.168.1.254:53
-Flow 11 risky: udp 192.168.1.105:33189 -> 192.168.1.254:53
-Flow 8 risky: udp 192.168.1.105:36173 -> 192.168.1.254:53
diff --git a/test/results/flow-captured/default/false_positives.pcapng.out b/test/results/flow-captured/default/false_positives.pcapng.out
index 34f891ca0..1c5092f10 100644
--- a/test/results/flow-captured/default/false_positives.pcapng.out
+++ b/test/results/flow-captured/default/false_positives.pcapng.out
@@ -1 +1,2 @@
+Flow 3 risky: tcp 91.238.181.21:35888 -> 89.31.79.12:3389
 Flow 2 not-detected: udp 192.168.12.156:37649 -> 57.128.172.97:9981
diff --git a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
index 3ef94599c..fe33d7d45 100644
--- a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
@@ -24,8 +24,6 @@ Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1
 Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
 Flow 107 not-detected: 118 192.168.1.2 -> 200.68.120.81
 Flow 190 risky: udp 192.168.1.2:2793 -> 192.168.1.1:53
-Flow 193 risky: udp 192.168.1.2:2794 -> 192.168.1.1:53
-Flow 192 risky: udp 192.168.1.2:2795 -> 192.168.1.1:53
 Flow 197 risky: udp 192.168.1.2:2797 -> 192.168.1.1:53
 Flow 186 not-detected: udp 192.168.1.2:43690 -> 192.168.170.170:43690
 Flow 204 risky: udp 192.168.1.2:2801 -> 192.168.1.1:53
@@ -58,5 +56,4 @@ Flow 42 not-detected: tcp 147.234.1.253:58999 -> 192.232.1.2:2721
 Flow 42 midstream: tcp 147.234.1.253:58999 -> 192.232.1.2:2721
 Flow 37 not-detected: 170 170.170.170.170 -> 170.170.170.170
 Flow 249 risky: udp 192.168.1.1:53 -> 192.168.1.2:2572
-Flow 254 risky: udp 192.168.1.2:2830 -> 192.168.1.1:53
 Flow 29 not-detected: tcp 147.234.1.170:43690 -> 170.170.170.170:43690
diff --git a/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
index c87403b79..7baab7a01 100644
--- a/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
@@ -8,5 +8,4 @@ Flow 18 risky: tcp 172.20.3.5:2604 -> 172.20.3.13:80
 Flow 27 risky: tcp 172.20.3.5:2606 -> 172.20.3.13:80
 Flow 10 not-detected: 170 170.170.170.170 -> 170.170.170.170
 Flow 5 risky: tcp 172.20.3.13:53132 -> 172.20.3.5:80
-Flow 34 risky: tcp 172.20.3.13:53136 -> 172.20.3.5:80
 Flow 34 midstream: tcp 172.20.3.13:53136 -> 172.20.3.5:80
diff --git a/test/results/flow-captured/default/gearup_booster.pcap.out b/test/results/flow-captured/default/gearup_booster.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/gearup_booster.pcap.out
diff --git a/test/results/flow-captured/default/hcl_notes.pcapng.out b/test/results/flow-captured/default/hcl_notes.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/hcl_notes.pcapng.out
diff --git a/test/results/flow-captured/default/jabber.pcap.out b/test/results/flow-captured/default/jabber.pcap.out
index 50068dc3c..26af168db 100644
--- a/test/results/flow-captured/default/jabber.pcap.out
+++ b/test/results/flow-captured/default/jabber.pcap.out
@@ -2,3 +2,6 @@ Flow 3 midstream: tcp 172.16.0.62:57126 -> 172.16.1.138:5222
 Flow 6 risky: tcp 172.16.0.62:57149 -> 172.16.1.138:5222
 Flow 6 midstream: tcp 172.16.0.62:57149 -> 172.16.1.138:5222
 Flow 4 midstream: tcp 172.16.0.62:57129 -> 172.16.1.138:5222
+Flow 8 risky: tcp 192.168.2.100:34218 -> 160.44.201.102:5223
+Flow 10 risky: tcp 192.168.2.100:58388 -> 160.44.201.102:5223
+Flow 12 risky: tcp 192.168.2.100:34070 -> 160.44.201.102:5223
diff --git a/test/results/flow-captured/default/msdo.pcapng.out b/test/results/flow-captured/default/msdo.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/msdo.pcapng.out
diff --git a/test/results/flow-captured/default/nest_log_sink.pcap.out b/test/results/flow-captured/default/nest_log_sink.pcap.out
index dea8bb13a..ffc0ad314 100644
--- a/test/results/flow-captured/default/nest_log_sink.pcap.out
+++ b/test/results/flow-captured/default/nest_log_sink.pcap.out
@@ -1,4 +1,3 @@
 Flow 1 guessed: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
 Flow 1 not-detected: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
 Flow 1 midstream: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
-Flow 10 risky: udp 192.168.242.15:52849 -> 192.168.242.1:53
diff --git a/test/results/flow-captured/default/netease_games.pcapng.out b/test/results/flow-captured/default/netease_games.pcapng.out
index 30bd2a758..e69de29bb 100644
--- a/test/results/flow-captured/default/netease_games.pcapng.out
+++ b/test/results/flow-captured/default/netease_games.pcapng.out
@@ -1 +0,0 @@
-Flow 1 risky: udp 192.168.88.231:49377 -> 172.17.8.75:53
diff --git a/test/results/flow-captured/default/netflix.pcap.out b/test/results/flow-captured/default/netflix.pcap.out
index 728e0bf24..c23b9c3ba 100644
--- a/test/results/flow-captured/default/netflix.pcap.out
+++ b/test/results/flow-captured/default/netflix.pcap.out
@@ -12,9 +12,7 @@ Flow 39 risky: tcp 192.168.1.7:53178 -> 23.246.11.141:80
 Flow 40 risky: tcp 192.168.1.7:53179 -> 23.246.11.141:80
 Flow 37 risky: tcp 192.168.1.7:53176 -> 23.246.11.141:80
 Flow 44 risky: tcp 192.168.1.7:53183 -> 23.246.3.140:80
-Flow 2 risky: udp 192.168.1.7:51543 -> 192.168.1.1:53
 Flow 28 risky: tcp 192.168.1.7:53153 -> 184.25.204.24:80
-Flow 52 risky: udp 192.168.1.7:51622 -> 192.168.1.1:53
 Flow 57 risky: tcp 192.168.1.7:53249 -> 52.41.30.5:443
 Flow 47 risky: tcp 192.168.1.7:53202 -> 54.191.17.51:443
 Flow 14 risky: tcp 192.168.1.7:53132 -> 52.89.39.139:443
diff --git a/test/results/flow-captured/default/nexon.pcapng.out b/test/results/flow-captured/default/nexon.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/nexon.pcapng.out
diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out
index 612ea67f0..4d9509a66 100644
--- a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -1,13 +1,6 @@
+Flow 1 not-detected: udp 127.0.0.1:1 -> 127.0.0.1:2
 Flow 2 risky: udp 127.0.0.1:1119 -> 127.0.0.1:1120
 Flow 7 not-detected: udp 127.0.0.1:100 -> 127.0.0.1:200
-Flow 4 risky: tcp 192.168.1.128:1 -> 121.254.200.130:1119
-Flow 4 midstream: tcp 192.168.1.128:1 -> 121.254.200.130:1119
-Flow 6 risky: tcp 192.168.1.128:1 -> 12.129.236.254:1119
-Flow 6 midstream: tcp 192.168.1.128:1 -> 12.129.236.254:1119
-Flow 3 risky: tcp 192.168.1.128:1 -> 12.129.206.130:1119
-Flow 3 midstream: tcp 192.168.1.128:1 -> 12.129.206.130:1119
-Flow 5 risky: tcp 192.168.1.128:1 -> 202.9.66.76:1119
-Flow 5 midstream: tcp 192.168.1.128:1 -> 202.9.66.76:1119
 Flow 8 not-detected: udp 127.0.0.1:17788 -> 127.0.0.1:17788
 Flow 9 risky: tcp 192.168.1.128:1 -> 1.2.3.4:10
 Flow 9 midstream: tcp 192.168.1.128:1 -> 1.2.3.4:10
diff --git a/test/results/flow-captured/default/pinterest.pcap.out b/test/results/flow-captured/default/pinterest.pcap.out
index 0387bd20d..24910f323 100644
--- a/test/results/flow-captured/default/pinterest.pcap.out
+++ b/test/results/flow-captured/default/pinterest.pcap.out
@@ -1,2 +1 @@
-Flow 22 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43562 -> 2a00:1450:4007:805::2003:443
 Flow 22 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43562 -> 2a00:1450:4007:805::2003:443
diff --git a/test/results/flow-captured/default/rockstar_games.pcapng.out b/test/results/flow-captured/default/rockstar_games.pcapng.out
new file mode 100644
index 000000000..cf5267283
--- /dev/null
+++ b/test/results/flow-captured/default/rockstar_games.pcapng.out
@@ -0,0 +1 @@
+Flow 4 risky: udp 192.168.1.42:59487 -> 192.81.241.191:61457
diff --git a/test/results/flow-captured/default/signal_audiocall.pcapng.out b/test/results/flow-captured/default/signal_audiocall.pcapng.out
index 17543eb8e..aa1347062 100644
--- a/test/results/flow-captured/default/signal_audiocall.pcapng.out
+++ b/test/results/flow-captured/default/signal_audiocall.pcapng.out
@@ -1,3 +1,2 @@
-Flow 2 risky: udp 192.168.12.67:45419 -> 35.219.252.146:3478
 Flow 4 risky: udp 192.168.12.67:45419 -> 35.219.226.11:54116
 Flow 3 risky: udp 192.168.12.67:45419 -> 35.219.226.11:12261
diff --git a/test/results/flow-captured/default/signal_audiocall_2.pcapng.out b/test/results/flow-captured/default/signal_audiocall_2.pcapng.out
new file mode 100644
index 000000000..0b5bc2281
--- /dev/null
+++ b/test/results/flow-captured/default/signal_audiocall_2.pcapng.out
@@ -0,0 +1,2 @@
+Flow 5 risky: udp 192.168.12.67:43281 -> 93.40.63.219:49514
+Flow 4 risky: udp 192.168.12.67:43281 -> 10.219.164.8:50017
diff --git a/test/results/flow-captured/default/signal_videocall.pcapng.out b/test/results/flow-captured/default/signal_videocall.pcapng.out
index c643b0130..c0b21c673 100644
--- a/test/results/flow-captured/default/signal_videocall.pcapng.out
+++ b/test/results/flow-captured/default/signal_videocall.pcapng.out
@@ -1,3 +1 @@
 Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377
-Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478
-Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478
diff --git a/test/results/flow-captured/default/sites.pcapng.out b/test/results/flow-captured/default/sites.pcapng.out
index e69de29bb..f4bbfa8bc 100644
--- a/test/results/flow-captured/default/sites.pcapng.out
+++ b/test/results/flow-captured/default/sites.pcapng.out
@@ -0,0 +1 @@
+Flow 68 risky: udp 192.168.1.17:59392 -> 3.164.68.49:443
diff --git a/test/results/flow-captured/default/starcraft_battle.pcap.out b/test/results/flow-captured/default/starcraft_battle.pcap.out
index 8dc2218fe..639181271 100644
--- a/test/results/flow-captured/default/starcraft_battle.pcap.out
+++ b/test/results/flow-captured/default/starcraft_battle.pcap.out
@@ -7,10 +7,8 @@ Flow 18 midstream: tcp 192.168.1.100:3489 -> 2.228.46.104:443
 Flow 19 midstream: tcp 192.168.1.100:3490 -> 2.228.46.104:443
 Flow 20 midstream: tcp 192.168.1.100:3491 -> 2.228.46.104:443
 Flow 17 midstream: tcp 192.168.1.100:3492 -> 2.228.46.104:443
-Flow 28 risky: udp 192.168.1.100:53145 -> 192.168.1.254:53
-Flow 44 risky: udp 192.168.1.100:55468 -> 192.168.1.254:53
+Flow 31 guessed: tcp 192.168.1.100:3517 -> 213.248.127.130:1119
+Flow 31 not-detected: tcp 192.168.1.100:3517 -> 213.248.127.130:1119
 Flow 2 risky: udp 192.168.1.100:58818 -> 192.168.1.254:53
 Flow 4 risky: udp 192.168.1.100:58831 -> 192.168.1.254:53
-Flow 9 risky: udp 192.168.1.100:58851 -> 192.168.1.254:53
 Flow 16 risky: tcp 192.168.1.100:3512 -> 12.129.222.54:80
-Flow 14 risky: udp 192.168.1.100:60026 -> 192.168.1.254:53
diff --git a/test/results/flow-captured/default/stun.pcap.out b/test/results/flow-captured/default/stun.pcap.out
index 9752d2d8d..60aaed3bc 100644
--- a/test/results/flow-captured/default/stun.pcap.out
+++ b/test/results/flow-captured/default/stun.pcap.out
@@ -1,3 +1,3 @@
+Flow 1 risky: tcp 10.77.110.51:41588 -> 10.206.50.239:42000
 Flow 3 risky: icmp 192.168.12.169 -> 74.125.247.128
-Flow 2 risky: udp 192.168.12.169:43016 -> 74.125.247.128:3478
 Flow 5 risky: udp 192.168.12.169:38123 -> 31.13.86.54:40003
diff --git a/test/results/flow-captured/default/stun_signal.pcapng.out b/test/results/flow-captured/default/stun_signal.pcapng.out
index 7a30a2de8..ddf407456 100644
--- a/test/results/flow-captured/default/stun_signal.pcapng.out
+++ b/test/results/flow-captured/default/stun_signal.pcapng.out
@@ -9,8 +9,6 @@ Flow 12 risky: udp 192.168.12.169:39950 -> 35.158.183.167:443
 Flow 9 risky: udp 192.168.12.169:43068 -> 35.158.183.167:443
 Flow 17 risky: udp 192.168.12.169:47767 -> 35.158.122.211:443
 Flow 16 risky: udp 192.168.12.169:37970 -> 172.253.121.127:19302
-Flow 19 risky: udp 192.168.12.169:47767 -> 35.158.122.211:3478
 Flow 15 risky: udp 192.168.12.169:47767 -> 172.253.121.127:19302
 Flow 21 risky: icmp 35.158.122.211 -> 192.168.12.169
 Flow 18 risky: udp 192.168.12.169:37970 -> 35.158.122.211:443
-Flow 20 risky: udp 192.168.12.169:37970 -> 35.158.122.211:3478
diff --git a/test/results/flow-captured/default/stun_signal_tcp.pcapng.out b/test/results/flow-captured/default/stun_signal_tcp.pcapng.out
index e69de29bb..06a97119b 100644
--- a/test/results/flow-captured/default/stun_signal_tcp.pcapng.out
+++ b/test/results/flow-captured/default/stun_signal_tcp.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.1.117:51296 -> 35.219.252.146:80
diff --git a/test/results/flow-captured/default/stun_wa_call.pcapng.out b/test/results/flow-captured/default/stun_wa_call.pcapng.out
index dc9da1022..77f10c704 100644
--- a/test/results/flow-captured/default/stun_wa_call.pcapng.out
+++ b/test/results/flow-captured/default/stun_wa_call.pcapng.out
@@ -1,9 +1,3 @@
-Flow 1 risky: udp 192.168.12.156:46652 -> 93.57.123.227:3478
-Flow 6 risky: udp 192.168.12.156:49526 -> 157.240.203.62:3478
-Flow 2 risky: udp 192.168.12.156:46652 -> 157.240.203.62:3478
-Flow 4 risky: udp 192.168.12.156:46652 -> 157.240.21.51:3478
-Flow 5 risky: udp 192.168.12.156:46652 -> 157.240.195.48:3478
-Flow 3 risky: udp 192.168.12.156:46652 -> 157.240.231.62:3478
 Flow 12 risky: udp 192.168.12.156:49526 -> 93.33.118.87:41107
 Flow 11 risky: udp 192.168.12.156:49526 -> 10.82.40.241:40436
 Flow 13 risky: icmp 93.63.100.129 -> 192.168.12.156
diff --git a/test/results/flow-captured/default/teams.pcap.out b/test/results/flow-captured/default/teams.pcap.out
index 88544269b..f2fe48809 100644
--- a/test/results/flow-captured/default/teams.pcap.out
+++ b/test/results/flow-captured/default/teams.pcap.out
@@ -12,6 +12,4 @@ Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53
 Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
 Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443
-Flow 68 risky: udp 192.168.1.6:50016 -> 52.114.250.141:3478
-Flow 70 risky: udp 192.168.1.6:50036 -> 52.114.250.137:3478
 Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
diff --git a/test/results/flow-captured/default/tls-appdata.pcap.out b/test/results/flow-captured/default/tls-appdata.pcap.out
index 3d2549923..920933d19 100644
--- a/test/results/flow-captured/default/tls-appdata.pcap.out
+++ b/test/results/flow-captured/default/tls-appdata.pcap.out
@@ -1,2 +1 @@
-Flow 2 risky: tcp 192.168.2.100:58976 -> 52.223.198.7:443
 Flow 2 midstream: tcp 192.168.2.100:58976 -> 52.223.198.7:443
diff --git a/test/results/flow-captured/default/tls_certificate_too_long.pcap.out b/test/results/flow-captured/default/tls_certificate_too_long.pcap.out
index 6a426923a..8cb8fcc8e 100644
--- a/test/results/flow-captured/default/tls_certificate_too_long.pcap.out
+++ b/test/results/flow-captured/default/tls_certificate_too_long.pcap.out
@@ -1,11 +1,8 @@
-Flow 24 risky: tcp 192.168.1.121:53429 -> 52.98.163.18:443
 Flow 24 midstream: tcp 192.168.1.121:53429 -> 52.98.163.18:443
-Flow 25 risky: tcp 192.168.1.121:53428 -> 52.98.163.18:443
 Flow 25 midstream: tcp 192.168.1.121:53428 -> 52.98.163.18:443
 Flow 18 risky: tcp 192.168.1.121:53912 -> 2.22.33.235:80
 Flow 19 risky: tcp 192.168.1.121:53913 -> 2.22.33.235:80
 Flow 20 midstream: tcp 192.168.1.121:53905 -> 140.82.113.26:443
 Flow 2 not-detected: tcp 192.168.1.121:52721 -> 192.168.1.139:55367
 Flow 2 midstream: tcp 192.168.1.121:52721 -> 192.168.1.139:55367
-Flow 23 risky: udp 192.168.1.121:51998 -> 8.8.8.8:53
 Flow 3 risky: udp 192.168.1.121:52251 -> 8.8.8.8:53
diff --git a/test/results/flow-captured/default/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/flow-captured/default/tls_heur__shadowsocks-tcp.pcapng.out
index 563044a1a..913bafc21 100644
--- a/test/results/flow-captured/default/tls_heur__shadowsocks-tcp.pcapng.out
+++ b/test/results/flow-captured/default/tls_heur__shadowsocks-tcp.pcapng.out
@@ -1,2 +1 @@
-Flow 2 risky: udp 127.0.0.1:41182 -> 127.0.0.53:53
 Flow 3 not-detected: tcp 127.0.0.1:40164 -> 127.0.0.1:1234
diff --git a/test/results/flow-captured/default/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/flow-captured/default/tls_heur__trojan-tcp-tls.pcapng.out
index 903e4868a..155d162f2 100644
--- a/test/results/flow-captured/default/tls_heur__trojan-tcp-tls.pcapng.out
+++ b/test/results/flow-captured/default/tls_heur__trojan-tcp-tls.pcapng.out
@@ -1,3 +1,2 @@
-Flow 2 risky: udp 127.0.0.1:52786 -> 127.0.0.53:53
 Flow 5 risky: udp 127.0.0.1:53154 -> 127.0.0.53:53
 Flow 7 risky: udp 192.168.1.183:39434 -> 192.168.1.253:53
diff --git a/test/results/flow-captured/default/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/flow-captured/default/tls_heur__vmess-tcp-tls.pcapng.out
index bf495d8f4..7f307265b 100644
--- a/test/results/flow-captured/default/tls_heur__vmess-tcp-tls.pcapng.out
+++ b/test/results/flow-captured/default/tls_heur__vmess-tcp-tls.pcapng.out
@@ -1,3 +1,2 @@
 Flow 6 risky: udp 127.0.0.1:45262 -> 127.0.0.53:53
-Flow 2 risky: udp 127.0.0.1:46548 -> 127.0.0.53:53
 Flow 8 risky: udp 192.168.1.183:42485 -> 192.168.1.253:53
diff --git a/test/results/flow-captured/default/tls_heur__vmess-tcp.pcapng.out b/test/results/flow-captured/default/tls_heur__vmess-tcp.pcapng.out
index d1b413e70..74077315c 100644
--- a/test/results/flow-captured/default/tls_heur__vmess-tcp.pcapng.out
+++ b/test/results/flow-captured/default/tls_heur__vmess-tcp.pcapng.out
@@ -1,2 +1 @@
-Flow 2 risky: udp 127.0.0.1:35957 -> 127.0.0.53:53
 Flow 3 not-detected: tcp 127.0.0.1:40818 -> 127.0.0.1:1234
diff --git a/test/results/flow-captured/default/tumblr.pcap.out b/test/results/flow-captured/default/tumblr.pcap.out
index 8e40bd3ca..01d96f8cc 100644
--- a/test/results/flow-captured/default/tumblr.pcap.out
+++ b/test/results/flow-captured/default/tumblr.pcap.out
@@ -1,10 +1,5 @@
-Flow 6 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:42908 -> 64:ff9b::98c7:1593:443
 Flow 6 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:42908 -> 64:ff9b::98c7:1593:443
-Flow 9 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43434 -> 64:ff9b::c000:4d28:443
 Flow 9 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43434 -> 64:ff9b::c000:4d28:443
-Flow 2 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:48240 -> 64:ff9b::9765:789d:443
 Flow 2 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:48240 -> 64:ff9b::9765:789d:443
-Flow 15 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:51874 -> 64:ff9b::c000:4c03:443
 Flow 15 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:51874 -> 64:ff9b::c000:4c03:443
-Flow 14 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:56794 -> 64:ff9b::c000:4d03:443
 Flow 14 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:56794 -> 64:ff9b::c000:4d03:443
diff --git a/test/results/flow-captured/default/ubntac2.pcap.out b/test/results/flow-captured/default/ubntac2.pcap.out
index e69de29bb..3e93450bb 100644
--- a/test/results/flow-captured/default/ubntac2.pcap.out
+++ b/test/results/flow-captured/default/ubntac2.pcap.out
@@ -0,0 +1 @@
+Flow 2 risky: tcp 192.168.1.138:35726 -> 192.168.1.204:8080
diff --git a/test/results/flow-captured/default/wa_video.pcap.out b/test/results/flow-captured/default/wa_video.pcap.out
index 95578680e..7759095b4 100644
--- a/test/results/flow-captured/default/wa_video.pcap.out
+++ b/test/results/flow-captured/default/wa_video.pcap.out
@@ -1,4 +1,3 @@
-Flow 3 risky: udp 192.168.2.12:53688 -> 31.13.86.48:3478
 Flow 11 risky: udp 192.168.2.12:53688 -> 91.252.56.51:32641
 Flow 10 risky: udp 192.168.2.12:53688 -> 1.60.78.64:59491
 Flow 2 guessed: tcp 192.168.2.12:49355 -> 157.240.20.53:5222
diff --git a/test/results/flow-captured/default/wa_voice.pcap.out b/test/results/flow-captured/default/wa_voice.pcap.out
index 3b1cdbbae..e5c4f239b 100644
--- a/test/results/flow-captured/default/wa_voice.pcap.out
+++ b/test/results/flow-captured/default/wa_voice.pcap.out
@@ -1,11 +1,6 @@
-Flow 14 risky: udp 192.168.2.12:56328 -> 31.13.86.48:3478
 Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328
-Flow 18 risky: udp 192.168.2.12:56328 -> 157.240.196.62:3478
-Flow 16 risky: udp 192.168.2.12:56328 -> 157.240.193.48:3478
 Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502
 Flow 25 not-detected: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
 Flow 25 midstream: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
 Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282
-Flow 17 risky: udp 192.168.2.12:56328 -> 179.60.192.48:3478
-Flow 15 risky: udp 192.168.2.12:56328 -> 185.60.216.51:3478
 Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223
diff --git a/test/results/flow-captured/default/whatsapp_login_call.pcap.out b/test/results/flow-captured/default/whatsapp_login_call.pcap.out
index ddc9a457e..3f94c16f4 100644
--- a/test/results/flow-captured/default/whatsapp_login_call.pcap.out
+++ b/test/results/flow-captured/default/whatsapp_login_call.pcap.out
@@ -1,13 +1,10 @@
 Flow 39 risky: udp 192.168.2.4:51518 -> 91.253.176.65:9344
-Flow 29 risky: udp 192.168.2.4:51518 -> 31.13.93.48:3478
 Flow 55 risky: udp 192.168.2.4:52794 -> 91.253.176.65:9665
 Flow 38 risky: udp 192.168.2.4:51518 -> 1.194.90.191:60312
 Flow 6 midstream: tcp 192.168.2.4:49172 -> 23.50.148.228:443
 Flow 54 risky: udp 192.168.2.4:52794 -> 1.194.90.191:51727
-Flow 53 risky: udp 192.168.2.4:52794 -> 31.13.84.48:3478
 Flow 17 risky: tcp 192.168.2.4:49204 -> 17.173.66.102:443
 Flow 57 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443
-Flow 1 risky: tcp 192.168.2.4:49199 -> 17.172.100.70:993
 Flow 1 midstream: tcp 192.168.2.4:49199 -> 17.172.100.70:993
 Flow 13 risky: tcp 192.168.2.4:49201 -> 17.178.104.12:443
 Flow 16 midstream: tcp 192.168.2.4:49193 -> 17.110.229.14:5223
diff --git a/test/results/flow-captured/default/whatsapp_login_chat.pcap.out b/test/results/flow-captured/default/whatsapp_login_chat.pcap.out
index 185febc11..7e13f56f1 100644
--- a/test/results/flow-captured/default/whatsapp_login_chat.pcap.out
+++ b/test/results/flow-captured/default/whatsapp_login_chat.pcap.out
@@ -1,4 +1,3 @@
-Flow 4 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443
 Flow 4 midstream: tcp 192.168.2.4:49205 -> 17.173.66.102:443
 Flow 9 risky: tcp 17.110.229.14:5223 -> 192.168.2.4:49193
 Flow 9 midstream: tcp 17.110.229.14:5223 -> 192.168.2.4:49193
diff --git a/test/results/flow-captured/default/wow.pcap.out b/test/results/flow-captured/default/wow.pcap.out
deleted file mode 100644
index 7f4ebdbdf..000000000
--- a/test/results/flow-captured/default/wow.pcap.out
+++ /dev/null
@@ -1,2 +0,0 @@
-Flow 2 risky: tcp 192.168.178.20:39312 -> 24.105.29.21:80
-Flow 1 risky: tcp 192.168.178.20:39309 -> 12.129.222.53:80
diff --git a/test/results/flow-captured/default/zoom.pcap.out b/test/results/flow-captured/default/zoom.pcap.out
index 23e621dfe..4df3e0448 100644
--- a/test/results/flow-captured/default/zoom.pcap.out
+++ b/test/results/flow-captured/default/zoom.pcap.out
@@ -1,5 +1,4 @@
 Flow 14 risky: udp 192.168.1.117:23903 -> 162.255.38.14:3479
-Flow 16 risky: tcp 192.168.1.117:53872 -> 35.186.224.53:443
 Flow 16 midstream: tcp 192.168.1.117:53872 -> 35.186.224.53:443
 Flow 9 risky: udp 192.168.1.117:65394 -> 192.168.1.1:53
 Flow 30 risky: tcp 192.168.1.117:54871 -> 109.94.160.99:443
diff --git a/test/results/flow-captured/default/zoom2.pcap.out b/test/results/flow-captured/default/zoom2.pcap.out
index f00467b39..e69de29bb 100644
--- a/test/results/flow-captured/default/zoom2.pcap.out
+++ b/test/results/flow-captured/default/zoom2.pcap.out
@@ -1,3 +0,0 @@
-Flow 2 risky: udp 192.168.1.178:60653 -> 144.195.73.154:8801
-Flow 3 risky: udp 192.168.1.178:58117 -> 144.195.73.154:8801
-Flow 4 risky: udp 192.168.1.178:57953 -> 144.195.73.154:8801
|