1 files changed, 42 insertions, 0 deletions

diff --git a/test/results/flow-info/default/nordvpn.pcap.out b/test/results/flow-info/default/nordvpn.pcap.out
new file mode 100644
index 000000000..ef44c34d3
--- /dev/null
+++ b/test/results/flow-info/default/nordvpn.pcap.out
@@ -0,0 +1,42 @@
+     DAEMON-EVENT: init
+              new: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820]
+         detected: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820] [WireGuard.NordVPN][NordVPN][VPN][Acceptable]
+              new: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198]
+          analyse: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     1.083|     0.099|     0.265|        70319.784|    2.400]
+                   [PKTLEN......:    101.000|  1144.000|   328.800|   349.500|       122181.900|    4.400]
+                   [BINS(c->s)..: 0,0,4,12,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,0,2,1,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,1,1,1,1,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0]
+                   [IATS(ms)....: 36.5,37.2,34.8,0.1,0.0,0.0,0.0,34.7,0.1,0.0,0.0,30.5,31.1,31.8,0.1,31.1,0.3,1045.9,1082.7,0.1,218.3,0.1,0.0,0.0,34.8,1.2,13.9,0.1,0.0,0.0,398.1]
+                   [PKTLENS.....: 114,126,409,122,1144,1144,1144,1144,126,130,134,138,834,707,284,362,146,150,173,122,392,150,159,129,129,129,128,117,117,101,189,128]
+                   [ENTROPIES...: 6.3,6.6,6.9,6.4,7.9,7.8,7.8,7.8,6.3,6.5,6.5,6.5,7.8,7.7,7.2,7.5,6.5,6.4,6.8,6.4,7.4,6.6,6.6,6.5,6.4,6.5,6.5,6.3,6.3,6.2,6.9,6.4]
+          guessed: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198] [NordVPN][NordVPN][VPN][Acceptable]
+                   RISK: Susp Entropy
+              new: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995]
+          analyse: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.562|     0.072|     0.121|        14556.123|    3.700]
+                   [PKTLEN......:     40.000|  1500.000|   350.900|   470.200|       221099.300|    4.000]
+                   [BINS(c->s)..: 4,0,1,6,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+                   [BINS(s->c)..: 7,0,1,2,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,0,1]
+                   [IATS(ms)....: 37.9,38.1,1.8,34.4,0.1,32.8,37.6,0.0,0.0,0.0,37.4,1.0,32.1,31.1,32.4,32.4,76.0,75.9,32.6,0.1,34.6,35.0,33.6,34.1,82.8,428.0,562.3,84.9,33.6,185.1,183.7]
+                   [PKTLENS.....: 52,52,40,128,46,140,423,136,1500,1500,1500,40,140,116,252,863,152,46,728,46,298,160,383,164,405,40,1457,46,142,46,143,46]
+                   [ENTROPIES...: 4.6,4.9,4.8,6.5,4.5,6.6,7.0,6.6,7.9,7.9,7.9,4.9,6.5,6.3,7.0,7.7,6.6,4.9,7.7,4.9,7.2,6.5,7.4,6.5,7.5,4.9,7.8,5.0,6.6,4.8,6.6,4.9]
+          guessed: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995] [POPS][NordVPN][Email][Safe]
+                   RISK: Fully Encrypted Flow
+              new: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443]
+         detected: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable][it315.nordvpn.com]
+                   RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
+ detection-update: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable][it315.nordvpn.com]
+                   RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
+             idle: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820] [WireGuard.NordVPN][NordVPN][VPN][Acceptable]
+             idle: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198] [NordVPN][NordVPN][VPN][Acceptable]
+                   RISK: Susp Entropy
+             idle: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable]
+                   RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
+             idle: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995] [POPS][NordVPN][Email][Safe]
+                   RISK: Fully Encrypted Flow
+     DAEMON-EVENT: shutdown