aboutsummaryrefslogtreecommitdiff
path: root/test/results/flow-captured/default
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/flow-captured/default')
-rw-r--r--test/results/flow-captured/default/1kxun.pcap.out4
-rw-r--r--test/results/flow-captured/default/KakaoTalk_chat.pcap.out2
-rw-r--r--test/results/flow-captured/default/KakaoTalk_talk.pcap.out4
-rw-r--r--test/results/flow-captured/default/alexa-app.pcapng.out54
-rw-r--r--test/results/flow-captured/default/anyconnect-vpn.pcap.out2
-rw-r--r--test/results/flow-captured/default/dingtalk.pcap.out0
-rw-r--r--test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out38
-rw-r--r--test/results/flow-captured/default/emotet.pcap.out1
-rw-r--r--test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out1
-rw-r--r--test/results/flow-captured/default/googledns_android10.pcap.out2
-rw-r--r--test/results/flow-captured/default/http-basic-auth.pcap.out15
-rw-r--r--test/results/flow-captured/default/http-pwd.pcapng.out1
-rw-r--r--test/results/flow-captured/default/http_ipv6.pcap.out1
-rw-r--r--test/results/flow-captured/default/instagram.pcap.out1
-rw-r--r--test/results/flow-captured/default/naver.pcap.out0
-rw-r--r--test/results/flow-captured/default/netflix.pcap.out5
-rw-r--r--test/results/flow-captured/default/ocs.pcap.out5
-rw-r--r--test/results/flow-captured/default/ookla.pcap.out1
-rw-r--r--test/results/flow-captured/default/openvpn_obfuscated.pcapng.out4
-rw-r--r--test/results/flow-captured/default/paltalk.pcapng.out0
-rw-r--r--test/results/flow-captured/default/quic_sh.pcap.out3
-rw-r--r--test/results/flow-captured/default/rdp_over_tls.pcap.out1
-rw-r--r--test/results/flow-captured/default/safari.pcap.out4
-rw-r--r--test/results/flow-captured/default/sites2.pcapng.out0
-rw-r--r--test/results/flow-captured/default/smtp-starttls.pcap.out2
-rw-r--r--test/results/flow-captured/default/snapchat.pcap.out1
-rw-r--r--test/results/flow-captured/default/sonos.pcapng.out1
-rw-r--r--test/results/flow-captured/default/stun_wa_call.pcapng.out4
-rw-r--r--test/results/flow-captured/default/teams.pcap.out4
-rw-r--r--test/results/flow-captured/default/tls_1.2_unidirectional_client.pcapng.out0
-rw-r--r--test/results/flow-captured/default/tls_1.2_unidirectional_client_no_cert.pcapng.out0
-rw-r--r--test/results/flow-captured/default/tls_1.2_unidirectional_server.pcapng.out0
-rw-r--r--test/results/flow-captured/default/tls_1.2_unidirectional_server_no_cert.pcapng.out0
-rw-r--r--test/results/flow-captured/default/tls_1.3_unidirectional_client.pcapng.out0
-rw-r--r--test/results/flow-captured/default/tls_1.3_unidirectional_server.pcapng.out0
-rw-r--r--test/results/flow-captured/default/tls_change_cipher.pcap.out0
-rw-r--r--test/results/flow-captured/default/tls_heur__shadowsocks-tcp.pcapng.out2
-rw-r--r--test/results/flow-captured/default/tls_heur__trojan-tcp-tls.pcapng.out3
-rw-r--r--test/results/flow-captured/default/tls_heur__vmess-tcp-tls.pcapng.out3
-rw-r--r--test/results/flow-captured/default/tls_heur__vmess-tcp.pcapng.out2
-rw-r--r--test/results/flow-captured/default/tls_heur__vmess-websocket.pcapng.out1
-rw-r--r--test/results/flow-captured/default/tls_with_huge_ch.pcapng.out1
-rw-r--r--test/results/flow-captured/default/tor.pcap.out6
-rw-r--r--test/results/flow-captured/default/waze.pcap.out5
-rw-r--r--test/results/flow-captured/default/webex.pcap.out19
-rw-r--r--test/results/flow-captured/default/whatsapp_login_call.pcap.out4
-rw-r--r--test/results/flow-captured/default/windscribe.pcapng.out1
-rw-r--r--test/results/flow-captured/default/zoom.pcap.out3
48 files changed, 67 insertions, 144 deletions
diff --git a/test/results/flow-captured/default/1kxun.pcap.out b/test/results/flow-captured/default/1kxun.pcap.out
index e68307bbc..034a664ad 100644
--- a/test/results/flow-captured/default/1kxun.pcap.out
+++ b/test/results/flow-captured/default/1kxun.pcap.out
@@ -21,10 +21,6 @@ Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
-Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443
-Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443
-Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443
-Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443
Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
diff --git a/test/results/flow-captured/default/KakaoTalk_chat.pcap.out b/test/results/flow-captured/default/KakaoTalk_chat.pcap.out
index fe86462c2..39160a3b9 100644
--- a/test/results/flow-captured/default/KakaoTalk_chat.pcap.out
+++ b/test/results/flow-captured/default/KakaoTalk_chat.pcap.out
@@ -1,5 +1,5 @@
Flow 26 risky: tcp 10.24.82.188:43581 -> 31.13.68.70:443
-Flow 34 risky: tcp 10.24.82.188:35511 -> 173.252.97.2:443
Flow 15 risky: tcp 10.24.82.188:35503 -> 173.252.97.2:443
+Flow 34 risky: tcp 10.24.82.188:35511 -> 173.252.97.2:443
Flow 37 midstream: tcp 10.24.82.188:49217 -> 216.58.220.174:443
Flow 22 midstream: tcp 31.13.68.73:443 -> 10.24.82.188:47007
diff --git a/test/results/flow-captured/default/KakaoTalk_talk.pcap.out b/test/results/flow-captured/default/KakaoTalk_talk.pcap.out
index 68d1bf6a1..56ea1f174 100644
--- a/test/results/flow-captured/default/KakaoTalk_talk.pcap.out
+++ b/test/results/flow-captured/default/KakaoTalk_talk.pcap.out
@@ -1,4 +1,4 @@
+Flow 4 risky: tcp 10.24.82.188:48489 -> 203.205.147.215:80
Flow 6 risky: tcp 10.24.82.188:32968 -> 110.76.143.50:8080
-Flow 8 risky: tcp 10.24.82.188:58857 -> 110.76.143.50:9001
-Flow 19 risky: tcp 10.24.82.188:59954 -> 173.252.88.128:443
Flow 14 midstream: tcp 10.24.82.188:49217 -> 216.58.220.174:443
+Flow 8 risky: tcp 10.24.82.188:58857 -> 110.76.143.50:9001
diff --git a/test/results/flow-captured/default/alexa-app.pcapng.out b/test/results/flow-captured/default/alexa-app.pcapng.out
index b3d3ac84c..04eafb2eb 100644
--- a/test/results/flow-captured/default/alexa-app.pcapng.out
+++ b/test/results/flow-captured/default/alexa-app.pcapng.out
@@ -1,34 +1,9 @@
-Flow 28 risky: tcp 172.16.42.216:45661 -> 52.94.232.134:443
Flow 14 risky: icmp 172.16.42.1 -> 172.16.42.216
-Flow 80 risky: tcp 172.16.42.216:45703 -> 52.94.232.134:443
-Flow 87 risky: tcp 172.16.42.216:45710 -> 52.94.232.134:443
-Flow 89 risky: tcp 172.16.42.216:45712 -> 52.94.232.134:443
-Flow 107 risky: tcp 172.16.42.216:40856 -> 54.239.29.253:443
-Flow 105 risky: tcp 172.16.42.216:40854 -> 54.239.29.253:443
-Flow 88 risky: tcp 172.16.42.216:45711 -> 52.94.232.134:443
Flow 120 risky: tcp 172.16.42.216:51986 -> 52.84.63.56:80
-Flow 125 risky: tcp 172.16.42.216:40871 -> 54.239.29.253:443
Flow 129 risky: tcp 172.16.42.216:51995 -> 52.84.63.56:80
Flow 126 risky: tcp 172.16.42.216:51992 -> 52.84.63.56:80
Flow 45 risky: tcp 172.16.42.216:49589 -> 52.94.232.134:80
-Flow 29 risky: tcp 172.16.42.216:45662 -> 52.94.232.134:443
-Flow 30 risky: tcp 172.16.42.216:45663 -> 52.94.232.134:443
-Flow 43 risky: tcp 172.16.42.216:45673 -> 52.94.232.134:443
-Flow 44 risky: tcp 172.16.42.216:45674 -> 52.94.232.134:443
-Flow 46 risky: tcp 172.16.42.216:45676 -> 52.94.232.134:443
-Flow 47 risky: tcp 172.16.42.216:45677 -> 52.94.232.134:443
-Flow 48 risky: tcp 172.16.42.216:45678 -> 52.94.232.134:443
-Flow 49 risky: tcp 172.16.42.216:45679 -> 52.94.232.134:443
-Flow 50 risky: tcp 172.16.42.216:45680 -> 52.94.232.134:443
-Flow 53 risky: tcp 172.16.42.216:45683 -> 52.94.232.134:443
-Flow 57 risky: tcp 172.16.42.216:45687 -> 52.94.232.134:443
-Flow 59 risky: tcp 172.16.42.216:45688 -> 52.94.232.134:443
-Flow 67 risky: tcp 172.16.42.216:45693 -> 52.94.232.134:443
-Flow 70 risky: tcp 172.16.42.216:45695 -> 52.94.232.134:443
-Flow 71 risky: tcp 172.16.42.216:45696 -> 52.94.232.134:443
-Flow 72 risky: tcp 172.16.42.216:45697 -> 52.94.232.134:443
-Flow 74 risky: tcp 172.16.42.216:45698 -> 52.94.232.134:443
-Flow 157 risky: tcp 172.16.42.216:38483 -> 52.85.209.143:443
+Flow 28 risky: tcp 172.16.42.216:45661 -> 52.94.232.134:443
Flow 142 risky: tcp 172.16.42.216:50799 -> 54.239.28.178:443
Flow 119 risky: tcp 172.16.42.216:51985 -> 52.84.63.56:80
Flow 121 risky: tcp 172.16.42.216:51987 -> 52.84.63.56:80
@@ -40,25 +15,14 @@ Flow 128 risky: tcp 172.16.42.216:51994 -> 52.84.63.56:80
Flow 130 risky: tcp 172.16.42.216:51996 -> 52.84.63.56:80
Flow 131 risky: tcp 172.16.42.216:51997 -> 52.84.63.56:80
Flow 93 risky: tcp 172.16.42.216:49630 -> 52.94.232.134:80
-Flow 117 risky: tcp 172.16.42.216:40864 -> 54.239.29.253:443
-Flow 132 risky: tcp 172.16.42.216:40878 -> 54.239.29.253:443
-Flow 75 risky: tcp 172.16.42.216:37113 -> 52.94.232.134:443
-Flow 81 risky: tcp 172.16.42.216:45704 -> 52.94.232.134:443
-Flow 82 risky: tcp 172.16.42.216:45705 -> 52.94.232.134:443
-Flow 86 risky: tcp 172.16.42.216:45709 -> 52.94.232.134:443
-Flow 91 risky: tcp 172.16.42.216:45714 -> 52.94.232.134:443
-Flow 92 risky: tcp 172.16.42.216:45715 -> 52.94.232.134:443
-Flow 109 risky: tcp 172.16.42.216:45728 -> 52.94.232.134:443
-Flow 110 risky: tcp 172.16.42.216:45729 -> 52.94.232.134:443
-Flow 111 risky: tcp 172.16.42.216:45730 -> 52.94.232.134:443
-Flow 112 risky: tcp 172.16.42.216:45731 -> 52.94.232.134:443
-Flow 113 risky: tcp 172.16.42.216:45732 -> 52.94.232.134:443
-Flow 133 risky: tcp 172.16.42.216:45750 -> 52.94.232.134:443
-Flow 134 risky: tcp 172.16.42.216:45751 -> 52.94.232.134:443
-Flow 137 risky: tcp 172.16.42.216:45752 -> 52.94.232.134:443
-Flow 136 risky: tcp 172.16.42.216:39750 -> 52.94.232.134:443
-Flow 156 risky: tcp 172.16.42.216:58048 -> 54.239.28.178:443
+Flow 105 risky: tcp 172.16.42.216:40854 -> 54.239.29.253:443
+Flow 107 risky: tcp 172.16.42.216:40856 -> 54.239.29.253:443
+Flow 125 risky: tcp 172.16.42.216:40871 -> 54.239.29.253:443
+Flow 80 risky: tcp 172.16.42.216:45703 -> 52.94.232.134:443
+Flow 87 risky: tcp 172.16.42.216:45710 -> 52.94.232.134:443
+Flow 88 risky: tcp 172.16.42.216:45711 -> 52.94.232.134:443
+Flow 89 risky: tcp 172.16.42.216:45712 -> 52.94.232.134:443
Flow 65 risky: tcp 172.16.42.216:41691 -> 54.239.29.146:443
+Flow 157 risky: tcp 172.16.42.216:38483 -> 52.85.209.143:443
Flow 99 risky: tcp 172.16.42.216:44001 -> 176.32.101.52:443
-Flow 11 risky: tcp 172.16.42.216:42878 -> 173.194.223.188:5228
Flow 16 risky: tcp 172.16.42.216:55242 -> 52.85.209.197:443
diff --git a/test/results/flow-captured/default/anyconnect-vpn.pcap.out b/test/results/flow-captured/default/anyconnect-vpn.pcap.out
index 1dbcad056..996513233 100644
--- a/test/results/flow-captured/default/anyconnect-vpn.pcap.out
+++ b/test/results/flow-captured/default/anyconnect-vpn.pcap.out
@@ -1,4 +1,3 @@
-Flow 30 risky: tcp 10.0.0.227:56921 -> 8.37.96.194:4287
Flow 25 midstream: tcp 10.0.0.227:56884 -> 184.25.56.77:80
Flow 24 midstream: tcp 10.0.0.227:56917 -> 184.25.56.77:80
Flow 26 risky: udp 10.0.0.227:54851 -> 75.75.76.76:53
@@ -12,6 +11,7 @@ Flow 3 risky: tcp 10.0.0.227:56320 -> 10.0.0.149:8009
Flow 3 midstream: tcp 10.0.0.227:56320 -> 10.0.0.149:8009
Flow 44 risky: tcp 10.0.0.227:56886 -> 17.57.144.116:5223
Flow 44 midstream: tcp 10.0.0.227:56886 -> 17.57.144.116:5223
+Flow 30 risky: tcp 10.0.0.227:56921 -> 8.37.96.194:4287
Flow 15 risky: tcp 10.0.0.227:56919 -> 8.37.102.91:443
Flow 38 risky: tcp 10.0.0.227:56929 -> 8.37.102.91:443
Flow 40 not-detected: tcp 10.0.0.227:56866 -> 10.0.0.151:8060
diff --git a/test/results/flow-captured/default/dingtalk.pcap.out b/test/results/flow-captured/default/dingtalk.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/dingtalk.pcap.out
diff --git a/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out b/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out
index 402ab903d..e69de29bb 100644
--- a/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out
+++ b/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out
@@ -1,38 +0,0 @@
-Flow 29 risky: tcp 10.0.0.1:35714 -> 209.250.241.25:443
-Flow 29 midstream: tcp 10.0.0.1:35714 -> 209.250.241.25:443
-Flow 12 midstream: tcp 10.0.0.1:41720 -> 116.203.179.248:443
-Flow 34 risky: tcp 10.0.0.1:35742 -> 209.250.241.25:443
-Flow 34 midstream: tcp 10.0.0.1:35742 -> 209.250.241.25:443
-Flow 25 risky: tcp 10.0.0.1:52028 -> 45.76.113.31:8443
-Flow 25 midstream: tcp 10.0.0.1:52028 -> 45.76.113.31:8443
-Flow 26 midstream: tcp 10.0.0.1:34036 -> 217.169.20.23:443
-Flow 10 midstream: tcp 10.0.0.1:55322 -> 185.134.196.55:443
-Flow 14 midstream: tcp 10.0.0.1:46658 -> 185.233.106.232:443
-Flow 20 midstream: tcp 10.0.0.1:33724 -> 104.28.28.34:443
-Flow 6 midstream: tcp 10.0.0.1:40938 -> 172.104.93.80:443
-Flow 4 midstream: tcp 10.0.0.1:55962 -> 51.158.147.50:443
-Flow 8 risky: tcp 10.0.0.1:38186 -> 185.43.135.1:443
-Flow 8 midstream: tcp 10.0.0.1:38186 -> 185.43.135.1:443
-Flow 13 midstream: tcp 10.0.0.1:60026 -> 195.30.94.28:443
-Flow 31 midstream: tcp 10.0.0.1:57058 -> 46.227.200.54:443
-Flow 17 midstream: tcp 10.0.0.1:44640 -> 185.235.81.1:443
-Flow 21 midstream: tcp 10.0.0.1:53802 -> 1.0.0.1:443
-Flow 28 midstream: tcp 10.0.0.1:54164 -> 193.70.85.11:443
-Flow 27 midstream: tcp 10.0.0.1:43718 -> 146.255.56.98:443
-Flow 33 midstream: tcp 10.0.0.1:44704 -> 185.235.81.1:443
-Flow 18 midstream: tcp 10.0.0.1:43106 -> 116.202.176.26:443
-Flow 9 midstream: tcp 10.0.0.1:51770 -> 9.9.9.10:443
-Flow 32 midstream: tcp 10.0.0.1:51846 -> 9.9.9.10:443
-Flow 30 midstream: tcp 10.0.0.1:43888 -> 95.216.229.153:443
-Flow 11 midstream: tcp 10.0.0.1:52386 -> 51.15.124.208:443
-Flow 19 midstream: tcp 10.0.0.1:59026 -> 85.5.93.230:443
-Flow 23 midstream: tcp 10.0.0.1:52176 -> 136.144.215.158:443
-Flow 22 midstream: tcp 10.0.0.1:33338 -> 45.90.28.0:443
-Flow 15 risky: tcp 10.0.0.1:36012 -> 149.56.228.45:453
-Flow 15 midstream: tcp 10.0.0.1:36012 -> 149.56.228.45:453
-Flow 7 risky: tcp 10.0.0.1:37530 -> 167.114.220.125:453
-Flow 7 midstream: tcp 10.0.0.1:37530 -> 167.114.220.125:453
-Flow 3 midstream: tcp 10.0.0.1:50614 -> 185.95.218.42:443
-Flow 24 midstream: tcp 10.0.0.1:39214 -> 104.28.0.106:443
-Flow 16 midstream: tcp 10.0.0.1:38018 -> 45.153.187.96:443
-Flow 5 midstream: tcp 10.0.0.1:59404 -> 185.253.154.66:443
diff --git a/test/results/flow-captured/default/emotet.pcap.out b/test/results/flow-captured/default/emotet.pcap.out
index 3eb459004..5a3513579 100644
--- a/test/results/flow-captured/default/emotet.pcap.out
+++ b/test/results/flow-captured/default/emotet.pcap.out
@@ -1,3 +1,2 @@
Flow 3 risky: tcp 10.4.20.102:54319 -> 107.161.178.210:80
Flow 4 risky: tcp 10.4.25.101:49797 -> 77.105.36.156:80
-Flow 6 risky: tcp 10.4.25.101:49804 -> 138.197.147.101:443
diff --git a/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
index 7ba8a7993..31d61ed01 100644
--- a/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
@@ -1,3 +1,4 @@
+Flow 5 risky: tcp 172.20.3.13:53132 -> 172.20.3.5:80
Flow 34 risky: tcp 172.20.3.13:53136 -> 172.20.3.5:80
Flow 34 midstream: tcp 172.20.3.13:53136 -> 172.20.3.5:80
Flow 39 not-detected: 115 172.20.3.13 -> 172.20.3.5
diff --git a/test/results/flow-captured/default/googledns_android10.pcap.out b/test/results/flow-captured/default/googledns_android10.pcap.out
index 6814757f0..a1dd70b50 100644
--- a/test/results/flow-captured/default/googledns_android10.pcap.out
+++ b/test/results/flow-captured/default/googledns_android10.pcap.out
@@ -1,4 +1,4 @@
-Flow 4 risky: tcp 192.168.1.159:48048 -> 8.8.4.4:853
Flow 5 risky: icmp 192.168.1.159 -> 8.8.8.8
+Flow 4 risky: tcp 192.168.1.159:48048 -> 8.8.4.4:853
Flow 7 risky: tcp 192.168.1.159:48098 -> 8.8.4.4:853
Flow 8 risky: tcp 192.168.1.159:48210 -> 8.8.4.4:853
diff --git a/test/results/flow-captured/default/http-basic-auth.pcap.out b/test/results/flow-captured/default/http-basic-auth.pcap.out
new file mode 100644
index 000000000..d891a90e8
--- /dev/null
+++ b/test/results/flow-captured/default/http-basic-auth.pcap.out
@@ -0,0 +1,15 @@
+Flow 1 risky: tcp 192.168.0.4:54317 -> 192.254.189.169:80
+Flow 2 risky: tcp 192.168.0.4:54318 -> 192.254.189.169:80
+Flow 7 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80
+Flow 8 risky: tcp 192.168.0.4:54338 -> 192.254.189.169:80
+Flow 9 risky: tcp 192.168.0.4:54340 -> 192.254.189.169:80
+Flow 14 risky: tcp 192.168.0.4:54487 -> 192.254.189.169:80
+Flow 15 risky: tcp 192.168.0.4:54505 -> 192.254.189.169:80
+Flow 24 risky: tcp 192.168.0.4:54584 -> 192.254.189.169:80
+Flow 10 risky: tcp 192.168.0.4:54341 -> 192.254.189.169:80
+Flow 11 risky: tcp 192.168.0.4:54342 -> 192.254.189.169:80
+Flow 12 risky: tcp 192.168.0.4:54343 -> 192.254.189.169:80
+Flow 20 risky: tcp 192.168.0.4:54580 -> 192.254.189.169:80
+Flow 21 risky: tcp 192.168.0.4:54581 -> 192.254.189.169:80
+Flow 22 risky: tcp 192.168.0.4:54582 -> 192.254.189.169:80
+Flow 23 risky: tcp 192.168.0.4:54583 -> 192.254.189.169:80
diff --git a/test/results/flow-captured/default/http-pwd.pcapng.out b/test/results/flow-captured/default/http-pwd.pcapng.out
new file mode 100644
index 000000000..2f04e0388
--- /dev/null
+++ b/test/results/flow-captured/default/http-pwd.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 127.0.0.1:56451 -> 127.0.0.1:3000
diff --git a/test/results/flow-captured/default/http_ipv6.pcap.out b/test/results/flow-captured/default/http_ipv6.pcap.out
index 5ac0c101b..e69de29bb 100644
--- a/test/results/flow-captured/default/http_ipv6.pcap.out
+++ b/test/results/flow-captured/default/http_ipv6.pcap.out
@@ -1 +0,0 @@
-Flow 12 risky: tcp 2a00:d40:1:3:7aac:c0ff:fea7:d4c:37506 -> 2a03:b0c0:3:d0::70:1001:443
diff --git a/test/results/flow-captured/default/instagram.pcap.out b/test/results/flow-captured/default/instagram.pcap.out
index 30265e546..3850d611e 100644
--- a/test/results/flow-captured/default/instagram.pcap.out
+++ b/test/results/flow-captured/default/instagram.pcap.out
@@ -9,7 +9,6 @@ Flow 7 midstream: tcp 192.168.0.103:33976 -> 77.67.29.17:80
Flow 28 guessed: tcp 31.13.86.52:80 -> 192.168.0.103:58216
Flow 28 not-detected: tcp 31.13.86.52:80 -> 192.168.0.103:58216
Flow 28 midstream: tcp 31.13.86.52:80 -> 192.168.0.103:58216
-Flow 1 risky: tcp 192.168.0.103:56382 -> 173.252.107.4:443
Flow 29 guessed: tcp 2.22.236.51:80 -> 192.168.0.103:44151
Flow 29 not-detected: tcp 2.22.236.51:80 -> 192.168.0.103:44151
Flow 29 midstream: tcp 2.22.236.51:80 -> 192.168.0.103:44151
diff --git a/test/results/flow-captured/default/naver.pcap.out b/test/results/flow-captured/default/naver.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/naver.pcap.out
diff --git a/test/results/flow-captured/default/netflix.pcap.out b/test/results/flow-captured/default/netflix.pcap.out
index 2b4cb701c..dad38067c 100644
--- a/test/results/flow-captured/default/netflix.pcap.out
+++ b/test/results/flow-captured/default/netflix.pcap.out
@@ -13,15 +13,12 @@ Flow 40 risky: tcp 192.168.1.7:53179 -> 23.246.11.141:80
Flow 37 risky: tcp 192.168.1.7:53176 -> 23.246.11.141:80
Flow 44 risky: tcp 192.168.1.7:53183 -> 23.246.3.140:80
Flow 2 risky: udp 192.168.1.7:51543 -> 192.168.1.1:53
-Flow 57 risky: tcp 192.168.1.7:53249 -> 52.41.30.5:443
Flow 47 risky: tcp 192.168.1.7:53202 -> 54.191.17.51:443
-Flow 8 risky: tcp 192.168.1.7:53117 -> 52.32.196.36:443
Flow 28 risky: tcp 192.168.1.7:53153 -> 184.25.204.24:80
Flow 14 risky: tcp 192.168.1.7:53132 -> 52.89.39.139:443
Flow 15 risky: tcp 192.168.1.7:53133 -> 52.89.39.139:443
-Flow 16 risky: tcp 192.168.1.7:53134 -> 52.89.39.139:443
Flow 52 risky: udp 192.168.1.7:51622 -> 192.168.1.1:53
-Flow 58 risky: tcp 192.168.1.7:53250 -> 52.41.30.5:443
+Flow 57 risky: tcp 192.168.1.7:53249 -> 52.41.30.5:443
Flow 31 risky: tcp 192.168.1.7:53164 -> 23.246.10.139:80
Flow 45 risky: tcp 192.168.1.7:53184 -> 23.246.11.141:80
Flow 50 risky: tcp 192.168.1.7:53210 -> 23.246.11.133:80
diff --git a/test/results/flow-captured/default/ocs.pcap.out b/test/results/flow-captured/default/ocs.pcap.out
index 90f35e706..90f0a8251 100644
--- a/test/results/flow-captured/default/ocs.pcap.out
+++ b/test/results/flow-captured/default/ocs.pcap.out
@@ -1,7 +1,2 @@
Flow 13 risky: tcp 192.168.180.2:49881 -> 178.248.208.54:80
Flow 20 risky: tcp 192.168.180.2:42590 -> 178.248.208.210:80
-Flow 6 risky: tcp 192.168.180.2:39263 -> 23.21.230.199:443
-Flow 15 risky: tcp 192.168.180.2:36680 -> 178.248.208.54:443
-Flow 16 risky: tcp 192.168.180.2:32946 -> 64.233.184.188:443
-Flow 10 risky: tcp 192.168.180.2:41223 -> 216.58.208.46:443
-Flow 18 risky: tcp 192.168.180.2:47803 -> 64.233.166.95:443
diff --git a/test/results/flow-captured/default/ookla.pcap.out b/test/results/flow-captured/default/ookla.pcap.out
index 76a45ed58..1f5694308 100644
--- a/test/results/flow-captured/default/ookla.pcap.out
+++ b/test/results/flow-captured/default/ookla.pcap.out
@@ -1,2 +1 @@
Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80
-Flow 6 risky: tcp 192.168.1.128:35830 -> 89.96.108.170:8080
diff --git a/test/results/flow-captured/default/openvpn_obfuscated.pcapng.out b/test/results/flow-captured/default/openvpn_obfuscated.pcapng.out
new file mode 100644
index 000000000..073dd5a71
--- /dev/null
+++ b/test/results/flow-captured/default/openvpn_obfuscated.pcapng.out
@@ -0,0 +1,4 @@
+Flow 1 guessed: tcp 192.168.12.156:37976 -> 185.128.25.99:465
+Flow 1 not-detected: tcp 192.168.12.156:37976 -> 185.128.25.99:465
+Flow 3 guessed: tcp 107.161.86.131:443 -> 192.168.12.156:48072
+Flow 3 not-detected: tcp 107.161.86.131:443 -> 192.168.12.156:48072
diff --git a/test/results/flow-captured/default/paltalk.pcapng.out b/test/results/flow-captured/default/paltalk.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/paltalk.pcapng.out
diff --git a/test/results/flow-captured/default/quic_sh.pcap.out b/test/results/flow-captured/default/quic_sh.pcap.out
new file mode 100644
index 000000000..b81c51fc0
--- /dev/null
+++ b/test/results/flow-captured/default/quic_sh.pcap.out
@@ -0,0 +1,3 @@
+Flow 3 risky: udp 192.168.1.245:40408 -> 13.226.175.53:443
+Flow 1 risky: udp 2001:b07:a3d:c112:91b7:b97e:6e2:fad8:37542 -> 2606:4700:7::a29f:9804:443
+Flow 2 risky: udp 2a00:1450:4002:411::200e:443 -> 2001:b07:a3d:c112:91b7:b97e:6e2:fad8:33144
diff --git a/test/results/flow-captured/default/rdp_over_tls.pcap.out b/test/results/flow-captured/default/rdp_over_tls.pcap.out
new file mode 100644
index 000000000..16134110e
--- /dev/null
+++ b/test/results/flow-captured/default/rdp_over_tls.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 91.238.181.21:35888 -> 89.31.79.12:3389
diff --git a/test/results/flow-captured/default/safari.pcap.out b/test/results/flow-captured/default/safari.pcap.out
index 8b4353ac7..4f6e400bc 100644
--- a/test/results/flow-captured/default/safari.pcap.out
+++ b/test/results/flow-captured/default/safari.pcap.out
@@ -1,5 +1 @@
Flow 4 risky: tcp 192.168.1.178:55267 -> 146.48.58.18:443
-Flow 2 risky: tcp 192.168.1.178:55265 -> 146.48.58.18:443
-Flow 3 risky: tcp 192.168.1.178:55266 -> 146.48.58.18:443
-Flow 5 risky: tcp 192.168.1.178:55268 -> 146.48.58.18:443
-Flow 6 risky: tcp 192.168.1.178:55269 -> 146.48.58.18:443
diff --git a/test/results/flow-captured/default/sites2.pcapng.out b/test/results/flow-captured/default/sites2.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/sites2.pcapng.out
diff --git a/test/results/flow-captured/default/smtp-starttls.pcap.out b/test/results/flow-captured/default/smtp-starttls.pcap.out
index e1a4b74a1..91d1e8a54 100644
--- a/test/results/flow-captured/default/smtp-starttls.pcap.out
+++ b/test/results/flow-captured/default/smtp-starttls.pcap.out
@@ -1,2 +1,2 @@
-Flow 1 risky: tcp 10.0.0.1:57406 -> 173.194.68.26:25
Flow 2 risky: tcp 2003:de:2016:125:fc36:8317:4e86:cb72:7562 -> 2003:de:2016:120::a08:53:25
+Flow 1 risky: tcp 10.0.0.1:57406 -> 173.194.68.26:25
diff --git a/test/results/flow-captured/default/snapchat.pcap.out b/test/results/flow-captured/default/snapchat.pcap.out
index 81b9eb29b..e69de29bb 100644
--- a/test/results/flow-captured/default/snapchat.pcap.out
+++ b/test/results/flow-captured/default/snapchat.pcap.out
@@ -1 +0,0 @@
-Flow 1 risky: tcp 10.8.0.1:33233 -> 74.125.136.141:443
diff --git a/test/results/flow-captured/default/sonos.pcapng.out b/test/results/flow-captured/default/sonos.pcapng.out
new file mode 100644
index 000000000..1c7e2dd75
--- /dev/null
+++ b/test/results/flow-captured/default/sonos.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 192.168.1.29:52425 -> 192.168.1.70:1443
diff --git a/test/results/flow-captured/default/stun_wa_call.pcapng.out b/test/results/flow-captured/default/stun_wa_call.pcapng.out
index 333efcc49..0d1b98afe 100644
--- a/test/results/flow-captured/default/stun_wa_call.pcapng.out
+++ b/test/results/flow-captured/default/stun_wa_call.pcapng.out
@@ -5,9 +5,5 @@ Flow 4 risky: udp 192.168.12.156:46652 -> 157.240.21.51:3478
Flow 5 risky: udp 192.168.12.156:46652 -> 157.240.195.48:3478
Flow 3 risky: udp 192.168.12.156:46652 -> 157.240.231.62:3478
Flow 13 risky: icmp 93.63.100.129 -> 192.168.12.156
-Flow 7 risky: udp 192.168.12.156:49526 -> 157.240.231.62:3478
-Flow 8 risky: udp 192.168.12.156:49526 -> 157.240.196.62:3478
Flow 11 risky: udp 192.168.12.156:49526 -> 10.82.40.241:40436
Flow 12 risky: udp 192.168.12.156:49526 -> 93.33.118.87:41107
-Flow 9 risky: udp 192.168.12.156:49526 -> 179.60.192.48:3478
-Flow 10 risky: udp 192.168.12.156:49526 -> 185.60.216.51:3478
diff --git a/test/results/flow-captured/default/teams.pcap.out b/test/results/flow-captured/default/teams.pcap.out
index f9a450ce5..4e70f518c 100644
--- a/test/results/flow-captured/default/teams.pcap.out
+++ b/test/results/flow-captured/default/teams.pcap.out
@@ -1,4 +1,3 @@
-Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443
Flow 48 risky: tcp 192.168.1.6:60559 -> 52.114.77.33:443
Flow 64 risky: tcp 192.168.1.6:50018 -> 52.114.250.123:443
Flow 78 risky: udp 93.71.110.205:16332 -> 192.168.1.6:50016
@@ -6,11 +5,10 @@ Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443
Flow 43 risky: tcp 192.168.1.6:60554 -> 52.113.194.132:443
Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53
Flow 4 risky: tcp 192.168.1.6:60532 -> 52.114.77.33:443
+Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443
Flow 25 risky: tcp 192.168.1.6:60543 -> 52.114.77.33:443
Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
-Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434
-Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434
Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
diff --git a/test/results/flow-captured/default/tls_1.2_unidirectional_client.pcapng.out b/test/results/flow-captured/default/tls_1.2_unidirectional_client.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_1.2_unidirectional_client.pcapng.out
diff --git a/test/results/flow-captured/default/tls_1.2_unidirectional_client_no_cert.pcapng.out b/test/results/flow-captured/default/tls_1.2_unidirectional_client_no_cert.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_1.2_unidirectional_client_no_cert.pcapng.out
diff --git a/test/results/flow-captured/default/tls_1.2_unidirectional_server.pcapng.out b/test/results/flow-captured/default/tls_1.2_unidirectional_server.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_1.2_unidirectional_server.pcapng.out
diff --git a/test/results/flow-captured/default/tls_1.2_unidirectional_server_no_cert.pcapng.out b/test/results/flow-captured/default/tls_1.2_unidirectional_server_no_cert.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_1.2_unidirectional_server_no_cert.pcapng.out
diff --git a/test/results/flow-captured/default/tls_1.3_unidirectional_client.pcapng.out b/test/results/flow-captured/default/tls_1.3_unidirectional_client.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_1.3_unidirectional_client.pcapng.out
diff --git a/test/results/flow-captured/default/tls_1.3_unidirectional_server.pcapng.out b/test/results/flow-captured/default/tls_1.3_unidirectional_server.pcapng.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_1.3_unidirectional_server.pcapng.out
diff --git a/test/results/flow-captured/default/tls_change_cipher.pcap.out b/test/results/flow-captured/default/tls_change_cipher.pcap.out
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/test/results/flow-captured/default/tls_change_cipher.pcap.out
diff --git a/test/results/flow-captured/default/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/flow-captured/default/tls_heur__shadowsocks-tcp.pcapng.out
new file mode 100644
index 000000000..563044a1a
--- /dev/null
+++ b/test/results/flow-captured/default/tls_heur__shadowsocks-tcp.pcapng.out
@@ -0,0 +1,2 @@
+Flow 2 risky: udp 127.0.0.1:41182 -> 127.0.0.53:53
+Flow 3 not-detected: tcp 127.0.0.1:40164 -> 127.0.0.1:1234
diff --git a/test/results/flow-captured/default/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/flow-captured/default/tls_heur__trojan-tcp-tls.pcapng.out
new file mode 100644
index 000000000..85942bf64
--- /dev/null
+++ b/test/results/flow-captured/default/tls_heur__trojan-tcp-tls.pcapng.out
@@ -0,0 +1,3 @@
+Flow 5 risky: udp 127.0.0.1:53154 -> 127.0.0.53:53
+Flow 7 risky: udp 192.168.1.183:39434 -> 192.168.1.253:53
+Flow 2 risky: udp 127.0.0.1:52786 -> 127.0.0.53:53
diff --git a/test/results/flow-captured/default/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/flow-captured/default/tls_heur__vmess-tcp-tls.pcapng.out
new file mode 100644
index 000000000..bf495d8f4
--- /dev/null
+++ b/test/results/flow-captured/default/tls_heur__vmess-tcp-tls.pcapng.out
@@ -0,0 +1,3 @@
+Flow 6 risky: udp 127.0.0.1:45262 -> 127.0.0.53:53
+Flow 2 risky: udp 127.0.0.1:46548 -> 127.0.0.53:53
+Flow 8 risky: udp 192.168.1.183:42485 -> 192.168.1.253:53
diff --git a/test/results/flow-captured/default/tls_heur__vmess-tcp.pcapng.out b/test/results/flow-captured/default/tls_heur__vmess-tcp.pcapng.out
new file mode 100644
index 000000000..57479df0d
--- /dev/null
+++ b/test/results/flow-captured/default/tls_heur__vmess-tcp.pcapng.out
@@ -0,0 +1,2 @@
+Flow 3 not-detected: tcp 127.0.0.1:40818 -> 127.0.0.1:1234
+Flow 2 risky: udp 127.0.0.1:35957 -> 127.0.0.53:53
diff --git a/test/results/flow-captured/default/tls_heur__vmess-websocket.pcapng.out b/test/results/flow-captured/default/tls_heur__vmess-websocket.pcapng.out
new file mode 100644
index 000000000..237524927
--- /dev/null
+++ b/test/results/flow-captured/default/tls_heur__vmess-websocket.pcapng.out
@@ -0,0 +1 @@
+Flow 3 risky: tcp 127.0.0.1:33702 -> 127.0.0.1:1234
diff --git a/test/results/flow-captured/default/tls_with_huge_ch.pcapng.out b/test/results/flow-captured/default/tls_with_huge_ch.pcapng.out
new file mode 100644
index 000000000..001aa041c
--- /dev/null
+++ b/test/results/flow-captured/default/tls_with_huge_ch.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 172.30.84.193:40640 -> 208.253.217.142:443
diff --git a/test/results/flow-captured/default/tor.pcap.out b/test/results/flow-captured/default/tor.pcap.out
index e379ec029..c48d3f0d5 100644
--- a/test/results/flow-captured/default/tor.pcap.out
+++ b/test/results/flow-captured/default/tor.pcap.out
@@ -1,8 +1,6 @@
-Flow 3 risky: tcp 192.168.1.252:51112 -> 38.229.70.53:443
-Flow 1 risky: tcp 192.168.1.252:51110 -> 91.143.93.242:443
Flow 5 risky: udp 192.168.1.252:138 -> 192.168.1.255:138
+Flow 1 risky: tcp 192.168.1.252:51110 -> 91.143.93.242:443
Flow 2 risky: tcp 192.168.1.252:51111 -> 46.59.52.31:443
Flow 8 risky: tcp 192.168.1.252:51175 -> 91.143.93.242:443
Flow 7 risky: tcp 192.168.1.252:51174 -> 212.83.155.250:443
-Flow 10 risky: tcp 192.168.1.252:51185 -> 62.210.137.230:443
-Flow 9 risky: tcp 192.168.1.252:51176 -> 38.229.70.53:443
+Flow 3 risky: tcp 192.168.1.252:51112 -> 38.229.70.53:443
diff --git a/test/results/flow-captured/default/waze.pcap.out b/test/results/flow-captured/default/waze.pcap.out
index 5eadfae81..f35eddff7 100644
--- a/test/results/flow-captured/default/waze.pcap.out
+++ b/test/results/flow-captured/default/waze.pcap.out
@@ -1,6 +1,4 @@
Flow 3 risky: tcp 10.8.0.1:54915 -> 65.39.128.135:80
-Flow 18 risky: tcp 10.8.0.1:39021 -> 52.17.114.219:443
-Flow 6 risky: tcp 10.8.0.1:36102 -> 46.51.173.182:443
Flow 4 risky: tcp 10.8.0.1:45529 -> 54.230.227.172:80
Flow 8 risky: tcp 10.8.0.1:45536 -> 54.230.227.172:80
Flow 9 risky: tcp 10.8.0.1:45538 -> 54.230.227.172:80
@@ -9,7 +7,8 @@ Flow 15 risky: tcp 10.8.0.1:45546 -> 54.230.227.172:80
Flow 16 risky: tcp 10.8.0.1:45552 -> 54.230.227.172:80
Flow 17 risky: tcp 10.8.0.1:45554 -> 54.230.227.172:80
Flow 5 risky: tcp 10.8.0.1:36100 -> 46.51.173.182:443
+Flow 6 risky: tcp 10.8.0.1:36102 -> 46.51.173.182:443
Flow 19 risky: tcp 10.8.0.1:36312 -> 176.34.186.180:443
-Flow 7 risky: tcp 10.8.0.1:36585 -> 173.194.118.48:443
+Flow 18 risky: tcp 10.8.0.1:39021 -> 52.17.114.219:443
Flow 1 not-detected: tcp 10.16.37.157:42256 -> 174.37.231.81:5222
Flow 1 midstream: tcp 10.16.37.157:42256 -> 174.37.231.81:5222
diff --git a/test/results/flow-captured/default/webex.pcap.out b/test/results/flow-captured/default/webex.pcap.out
index 1e895a83d..33650debc 100644
--- a/test/results/flow-captured/default/webex.pcap.out
+++ b/test/results/flow-captured/default/webex.pcap.out
@@ -1,18 +1,9 @@
-Flow 2 risky: tcp 10.8.0.1:41348 -> 64.68.105.103:443
-Flow 9 risky: tcp 10.8.0.1:41358 -> 64.68.105.103:443
-Flow 37 risky: tcp 10.8.0.1:51155 -> 62.109.224.120:443
-Flow 36 risky: tcp 10.8.0.1:51154 -> 62.109.224.120:443
-Flow 52 risky: tcp 10.8.0.1:51857 -> 62.109.229.158:443
Flow 45 risky: tcp 10.8.0.1:59756 -> 78.46.237.91:80
Flow 46 risky: tcp 10.8.0.1:59757 -> 78.46.237.91:80
+Flow 52 risky: tcp 10.8.0.1:51857 -> 62.109.229.158:443
Flow 33 midstream: tcp 10.133.206.47:33459 -> 80.74.110.68:443
-Flow 56 risky: tcp 10.8.0.1:51194 -> 62.109.224.120:443
-Flow 35 risky: tcp 10.8.0.1:33512 -> 80.74.110.68:443
-Flow 47 risky: tcp 10.8.0.1:33551 -> 80.74.110.68:443
-Flow 48 risky: tcp 10.8.0.1:33553 -> 80.74.110.68:443
-Flow 49 risky: tcp 10.8.0.1:33554 -> 80.74.110.68:443
-Flow 51 risky: tcp 10.8.0.1:33559 -> 80.74.110.68:443
+Flow 36 risky: tcp 10.8.0.1:51154 -> 62.109.224.120:443
+Flow 37 risky: tcp 10.8.0.1:51155 -> 62.109.224.120:443
Flow 1 risky: tcp 10.8.0.1:41346 -> 64.68.105.103:443
-Flow 3 risky: tcp 10.8.0.1:41350 -> 64.68.105.103:443
-Flow 4 risky: tcp 10.8.0.1:41351 -> 64.68.105.103:443
-Flow 7 risky: tcp 10.8.0.1:41354 -> 64.68.105.103:443
+Flow 2 risky: tcp 10.8.0.1:41348 -> 64.68.105.103:443
+Flow 9 risky: tcp 10.8.0.1:41358 -> 64.68.105.103:443
diff --git a/test/results/flow-captured/default/whatsapp_login_call.pcap.out b/test/results/flow-captured/default/whatsapp_login_call.pcap.out
index 681fca7d1..2dbd14228 100644
--- a/test/results/flow-captured/default/whatsapp_login_call.pcap.out
+++ b/test/results/flow-captured/default/whatsapp_login_call.pcap.out
@@ -1,9 +1,7 @@
-Flow 17 risky: tcp 192.168.2.4:49204 -> 17.173.66.102:443
Flow 39 risky: udp 192.168.2.4:51518 -> 91.253.176.65:9344
Flow 29 risky: udp 192.168.2.4:51518 -> 31.13.93.48:3478
Flow 55 risky: udp 192.168.2.4:52794 -> 91.253.176.65:9665
Flow 38 risky: udp 192.168.2.4:51518 -> 1.194.90.191:60312
-Flow 57 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443
Flow 6 midstream: tcp 192.168.2.4:49172 -> 23.50.148.228:443
Flow 53 risky: udp 192.168.2.4:52794 -> 31.13.84.48:3478
Flow 54 risky: udp 192.168.2.4:52794 -> 1.194.90.191:51727
@@ -11,3 +9,5 @@ Flow 1 risky: tcp 192.168.2.4:49199 -> 17.172.100.70:993
Flow 1 midstream: tcp 192.168.2.4:49199 -> 17.172.100.70:993
Flow 16 midstream: tcp 192.168.2.4:49193 -> 17.110.229.14:5223
Flow 13 risky: tcp 192.168.2.4:49201 -> 17.178.104.12:443
+Flow 17 risky: tcp 192.168.2.4:49204 -> 17.173.66.102:443
+Flow 57 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443
diff --git a/test/results/flow-captured/default/windscribe.pcapng.out b/test/results/flow-captured/default/windscribe.pcapng.out
index c714774e3..e69de29bb 100644
--- a/test/results/flow-captured/default/windscribe.pcapng.out
+++ b/test/results/flow-captured/default/windscribe.pcapng.out
@@ -1 +0,0 @@
-Flow 1 risky: tcp 192.168.12.156:42192 -> 107.161.86.132:443
diff --git a/test/results/flow-captured/default/zoom.pcap.out b/test/results/flow-captured/default/zoom.pcap.out
index 40e91288c..7537da3f2 100644
--- a/test/results/flow-captured/default/zoom.pcap.out
+++ b/test/results/flow-captured/default/zoom.pcap.out
@@ -1,6 +1,5 @@
-Flow 30 risky: tcp 192.168.1.117:54871 -> 109.94.160.99:443
Flow 9 risky: udp 192.168.1.117:65394 -> 192.168.1.1:53
Flow 14 risky: udp 192.168.1.117:23903 -> 162.255.38.14:3479
-Flow 3 risky: tcp 192.168.1.117:54863 -> 167.99.215.164:4434
Flow 16 risky: tcp 192.168.1.117:53872 -> 35.186.224.53:443
Flow 16 midstream: tcp 192.168.1.117:53872 -> 35.186.224.53:443
+Flow 30 risky: tcp 192.168.1.117:54871 -> 109.94.160.99:443
Powered by cgit, Themed by Ted Yin.