Diffstat (limited to 'test/results/flow-info/default/sites.pcapng.out')
-rw-r--r-- | test/results/flow-info/default/sites.pcapng.out | 81 |
1 files changed, 67 insertions, 14 deletions
diff --git a/test/results/flow-info/default/sites.pcapng.out b/test/results/flow-info/default/sites.pcapng.out index 6e610a02b..17d817050 100644 --- a/test/results/flow-info/default/sites.pcapng.out +++ b/test/results/flow-info/default/sites.pcapng.out @@ -99,8 +99,8 @@ detected: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Unknown][Shopping][Safe][www.ebay.com] detection-update: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Unknown][Shopping][Safe][www.ebay.com] new: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] - detected: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.UbuntuONE][UbuntuONE][Cloud][Acceptable][assets.ubuntu.com] - detection-update: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.UbuntuONE][UbuntuONE][Cloud][Acceptable][assets.ubuntu.com] + detected: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.Canonical][Canonical][Cloud][Acceptable][assets.ubuntu.com] + detection-update: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.Canonical][Canonical][Cloud][Acceptable][assets.ubuntu.com] new: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] detected: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Unknown][Streaming][Fun][hulu.com] detection-update: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Unknown][Streaming][Fun][hulu.com] 
@@ -168,7 +168,7 @@ idle: [....23] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Unknown][Cloud][Acceptable] idle: [....31] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] [TLS.GoogleMaps][Google][Web][Safe] idle: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] [TLS.GitLab][Cloudflare][Collaborative][Fun] - idle: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.UbuntuONE][UbuntuONE][Cloud][Acceptable] + idle: [....18] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.Canonical][Canonical][Cloud][Acceptable] idle: [....25] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] [TLS.LinkedIn][Azure][SocialNetwork][Fun] idle: [....19] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Unknown][Streaming][Fun] idle: [....17] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Unknown][Shopping][Safe] 
@@ -179,8 +179,8 @@ idle: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Unknown][Web][Safe] idle: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Unknown][Game][Fun] new: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] - detected: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.office.com] - detection-update: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.office.com] + detected: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable][teams.office.com] + detection-update: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable][teams.office.com] new: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] detected: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun][www.primevideo.com] detection-update: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun][www.primevideo.com] 
@@ -188,10 +188,10 @@ detected: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable][drive.google.com] detection-update: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable][drive.google.com] new: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] - detected: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Teams][Azure][Collaborative][Safe][onedrive.com] - detection-update: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Azure][Cloud][Safe][onedrive.com] + detected: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS][Azure][Web][Safe][onedrive.com] + detection-update: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable][onedrive.com] new: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] - detected: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable][onedrive.live.com] + detected: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS][Azure][Web][Safe][onedrive.live.com] detection-update: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable][onedrive.live.com] new: [....40] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] detected: [....40] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Tencent][Video][Fun][www.iflix.com] 
@@ -218,8 +218,8 @@ idle: [....42] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS][Google][Web][Safe] idle: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable] idle: [....41] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Google][Web][Acceptable][hangouts.google.com] - idle: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Azure][Cloud][Safe] - idle: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] + idle: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable] + idle: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable] idle: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable] DAEMON-EVENT: [Processed: 496 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 44|skipped: 0|!detected: 0|guessed: 4|detection-updates: 43|updates: 1] 
@@ -266,8 +266,8 @@ DAEMON-EVENT: [Processed: 584 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 52|skipped: 0|!detected: 0|guessed: 4|detection-updates: 51|updates: 1] new: [....53] [ip4][..tcp] [..192.168.1.245][46174] -> [.....5.61.23.30][..443] - detected: [....53] [ip4][..tcp] [..192.168.1.245][46174] -> [.....5.61.23.30][..443] [TLS][Unknown][Web][Safe][732231.ms.ok.ru] - detection-update: [....53] [ip4][..tcp] [..192.168.1.245][46174] -> [.....5.61.23.30][..443] [TLS][Unknown][Web][Safe][732231.ms.ok.ru] + detected: [....53] [ip4][..tcp] [..192.168.1.245][46174] -> [.....5.61.23.30][..443] [TLS][VK][Web][Safe][732231.ms.ok.ru] + detection-update: [....53] [ip4][..tcp] [..192.168.1.245][46174] -> [.....5.61.23.30][..443] [TLS][VK][Web][Safe][732231.ms.ok.ru] idle: [....50] [ip6][..tcp] [..2001:b07:a3d:c112:9a00:ba78:86b1:e177][48594] -> [...................2001:67c:4e8:f004::9][..443] [TLS.Telegram][Telegram][Chat][Acceptable] idle: [....51] [ip6][..tcp] [..2001:b07:a3d:c112:9a00:ba78:86b1:e177][48616] -> [...................2001:67c:4e8:f004::9][..443] [TLS.Telegram][Telegram][Chat][Acceptable] idle: [....52] [ip6][..tcp] [..2001:b07:a3d:c112:9a00:ba78:86b1:e177][48624] -> [...................2001:67c:4e8:f004::9][..443] [TLS.Telegram][Telegram][Chat][Acceptable] 
@@ -282,7 +282,7 @@ new: [....56] [ip4][..tcp] [.192.168.88.171][55280] -> [.124.237.225.21][..443] detected: [....56] [ip4][..tcp] [.192.168.88.171][55280] -> [.124.237.225.21][..443] [TLS.iQIYI][Unknown][Streaming][Fun][msg.qy.net] detection-update: [....56] [ip4][..tcp] [.192.168.88.171][55280] -> [.124.237.225.21][..443] [TLS.iQIYI][Unknown][Streaming][Fun][msg.qy.net] - end: [....53] [ip4][..tcp] [..192.168.1.245][46174] -> [.....5.61.23.30][..443] [TLS][Unknown][Web][Safe] + end: [....53] [ip4][..tcp] [..192.168.1.245][46174] -> [.....5.61.23.30][..443] [TLS][VK][Web][Safe] DAEMON-EVENT: [Processed: 623 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 56|skipped: 0|!detected: 0|guessed: 4|detection-updates: 55|updates: 1] new: [....57] [ip4][..tcp] [.192.168.88.171][49217] -> [.54.208.106.218][..443] 
@@ -325,6 +325,59 @@ new: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] detected: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] [TLS.SurfShark][Unknown][VPN][Acceptable][it-mil-v086.prod.surfshark.com] detection-update: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] [TLS.SurfShark][Unknown][VPN][Acceptable][it-mil-v086.prod.surfshark.com] - idle: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] [TLS.SurfShark][Unknown][VPN][Acceptable] idle: [....63] [ip4][..tcp] [..192.168.1.245][58624] -> [.104.16.156.111][..443] [TLS.NordVPN][Cloudflare][VPN][Acceptable] + DAEMON-EVENT: [Processed: 699 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 64|skipped: 0|!detected: 0|guessed: 4|detection-updates: 62|updates: 1] + new: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] + detected: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun][rutube.ru] + detection-update: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun][rutube.ru] + analyse: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.039| 0.005| 0.010| 96.590| 2.800] + [PKTLEN......: 40.000| 2031.000| 980.300| 674.000| 454340.000| 4.500] + [BINS(c->s)..: 5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] + [BINS(s->c)..: 3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,17,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1] + [IATS(ms)....: 5.3,5.3,0.2,9.2,0.0,0.0,0.0,0.0,9.0,1.8,0.2,11.1,0.0,0.0,9.0,39.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,39.1,12.9,0.0,0.0,0.0,0.0] + [PKTLENS.....: 
52,48,40,557,46,1500,1500,1216,941,40,120,2031,46,327,327,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,40,1500,1500,1500,1500,1500] + [ENTROPIES...: 4.5,5.0,4.7,6.6,4.7,7.8,7.9,7.9,7.7,4.7,6.2,7.9,4.7,7.3,7.3,4.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,4.7,7.9,7.9,7.9,7.9,7.9] + idle: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] [TLS.SurfShark][Unknown][VPN][Acceptable] + DAEMON-EVENT: [Processed: 798 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 65|skipped: 0|!detected: 0|guessed: 4|detection-updates: 63|updates: 1] + new: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] + detected: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AmazonAWS][Network][Safe][www.ui.com] + detection-update: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AmazonAWS][Network][Safe][www.ui.com] + end: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun][rutube.ru] + DAEMON-EVENT: [Processed: 816 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 66|skipped: 0|!detected: 0|guessed: 4|detection-updates: 64|updates: 1] + new: [....67] [ip4][..tcp] [...192.168.1.31][50095] -> [..176.112.173.3][..443] + detected: [....67] [ip4][..tcp] [...192.168.1.31][50095] -> [..176.112.173.3][..443] [TLS.VK][VK][SocialNetwork][Fun][pubsub.live.vkvideo.ru] + idle: [....66] [ip4][..tcp] [..192.168.1.125][60828] -> [...3.165.239.54][..443] [TLS.Ubiquity][AmazonAWS][Network][Safe] + DAEMON-EVENT: [Processed: 820 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 67|skipped: 0|!detected: 0|guessed: 4|detection-updates: 64|updates: 1] + new: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] + detected: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] 
[QUIC][AmazonAWS][Web][Acceptable] + detection-update: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] [QUIC.Kick][AmazonAWS][Video][Fun][clips.kick.com] + RISK: Unidirectional Traffic + new: [....69] [ip4][..tcp] [...192.168.1.17][55956] -> [.188.114.99.224][..443] + detected: [....69] [ip4][..tcp] [...192.168.1.17][55956] -> [.188.114.99.224][..443] [TLS.Kick][Cloudflare][Video][Fun][kick.com] + idle: [....67] [ip4][..tcp] [...192.168.1.31][50095] -> [..176.112.173.3][..443] [TLS.VK][VK][SocialNetwork][Fun] + DAEMON-EVENT: [Processed: 828 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 69|skipped: 0|!detected: 0|guessed: 4|detection-updates: 65|updates: 1] + new: [....70] [ip4][..tcp] [...192.168.1.17][55718] -> [213.180.204.183][...80] + detected: [....70] [ip4][..tcp] [...192.168.1.17][55718] -> [213.180.204.183][...80] [HTTP.Canonical][Yandex][Cloud][Acceptable][ru.archive.ubuntu.com] + idle: [....68] [ip4][..udp] [...192.168.1.17][59392] -> [....3.164.68.49][..443] [QUIC.Kick][AmazonAWS][Video][Fun][clips.kick.com] + RISK: Unidirectional Traffic + idle: [....69] [ip4][..tcp] [...192.168.1.17][55956] -> [.188.114.99.224][..443] [TLS.Kick][Cloudflare][Video][Fun] + new: [....71] [ip4][..tcp] [...192.168.1.17][60888] -> [.185.125.188.54][..443] + detected: [....71] [ip4][..tcp] [...192.168.1.17][60888] -> [.185.125.188.54][..443] [TLS.Canonical][Canonical][Cloud][Acceptable][api.snapcraft.io] + RISK: TLS (probably) Not Carrying HTTPS + new: [....72] [ip4][..tcp] [...192.168.1.17][57042] -> [.185.125.190.80][..443] + detected: [....72] [ip4][..tcp] [...192.168.1.17][57042] -> [.185.125.190.80][..443] [TLS.Canonical][Canonical][Cloud][Acceptable][ppa.launchpadcontent.net] + RISK: TLS (probably) Not Carrying HTTPS + idle: [....72] [ip4][..tcp] [...192.168.1.17][57042] -> [.185.125.190.80][..443] [TLS.Canonical][Canonical][Cloud][Acceptable] + RISK: TLS (probably) Not Carrying HTTPS + idle: [....71] 
[ip4][..tcp] [...192.168.1.17][60888] -> [.185.125.188.54][..443] [TLS.Canonical][Canonical][Cloud][Acceptable] + RISK: TLS (probably) Not Carrying HTTPS + idle: [....70] [ip4][..tcp] [...192.168.1.17][55718] -> [213.180.204.183][...80] [HTTP.Canonical][Yandex][Cloud][Acceptable] DAEMON-EVENT: shutdown |